How can I change only the root certificate in an installed chain

Hi There,

Can someone confirm whether it is possible to replace only the root certificate in an existing chain? The certificate has 3 certs in its chain, i.e. Root --> Intermediate --> Leaf.

The APIGEE version I am using is 4.19.01 private cloud.


to replace only root certificate in existing chain?

Replace where? In the truststore? Keystore?

If you're speaking of truststores, the recommendation is:

  • Install only trusted roots in the truststore.
  • If you want to change the truststore, you can remove or add certs into the truststore.
  • It's also a good idea to use a reference to a truststore, to allow easy changes. Check the documentation on truststores and references to understand this further.

In the keystore, it would be the same... you need to install the chain, and probably use a reference, for the same reasons.

So to answer your question: No, don't modify a truststore/keystore. Use a reference, create a new keystore or truststore, and then swap the reference.


If you have all the certificates (root, intermediate, service) in one file, then you need to update the file with the new root certificate and make a PUT call to update the certificate with the same alias.
If all files are placed separately, then you can just upload the new root certificate and remove the old one.

Refer: https://apidocs.apigee.com/management/apis/put/organizations/%7Borg_name%7D/environments/%7Benv_name...

and

https://apidocs.apigee.com/management/apis/post/organizations/%7Borg_name%7D/environments/%7Benv_nam...
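An added example, not part of the original thread: before swapping the root in a combined certificate file, confirm that the existing intermediate and leaf still validate against the new root. It assumes the `openssl` CLI is installed; every key, subject and file name is constructed for the demo, and no Apigee API is called.

```shell
#!/bin/sh
# Constructed demo: all keys, subjects and files are generated locally for illustration.
set -eu

# Build a throwaway Root --> Intermediate --> Leaf chain plus two candidate roots in $1.
make_chain() {
  c=$1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$c/ca.ext"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Constructed Root" \
    -keyout "$c/root.key" -out "$c/root_old.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=Constructed Intermediate" \
    -keyout "$c/int.key" -out "$c/int.csr" 2>/dev/null
  openssl x509 -req -in "$c/int.csr" -CA "$c/root_old.pem" -CAkey "$c/root.key" \
    -CAcreateserial -days 30 -extfile "$c/ca.ext" -out "$c/int.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=leaf.example.test" \
    -keyout "$c/leaf.key" -out "$c/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$c/leaf.csr" -CA "$c/int.pem" -CAkey "$c/int.key" \
    -CAcreateserial -days 30 -out "$c/leaf.pem" 2>/dev/null
  # Candidate A: root reissued with the SAME key and subject (renewed validity).
  openssl req -x509 -new -key "$c/root.key" -days 60 -subj "/CN=Constructed Root" \
    -out "$c/root_renewed.pem" 2>/dev/null
  # Candidate B: same subject but a DIFFERENT key; it never signed the intermediate.
  openssl req -x509 -newkey rsa:2048 -nodes -days 60 -subj "/CN=Constructed Root" \
    -keyout "$c/other.key" -out "$c/root_other.pem" 2>/dev/null
}

# Return 0 only if leaf $3 validates through intermediate $2 up to root $1.
chain_ok() {
  openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

# Write the combined file (leaf, intermediate, root) to $4 only when the chain validates.
build_bundle() {
  chain_ok "$1" "$2" "$3" || return 1
  cat "$3" "$2" "$1" > "$4"
}

d=$(mktemp -d)
make_chain "$d"
for r in root_renewed root_other; do
  if build_bundle "$d/$r.pem" "$d/int.pem" "$d/leaf.pem" "$d/bundle_$r.pem"; then
    echo "$r: chain validates, combined file written"
  else
    echo "$r: chain broken, combined file not written"
  fi
done
```

A root can be swapped on its own only when it carries the same key that signed the intermediate; otherwise the intermediate, and with it the leaf, must be reissued as well.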