We are currently deploying 24 renewed certificates on our Software Gateways (9.1), for the admin port, using Policy Manager.
For some gateways, the new certificate is shown when calling an API, whereas on some others the old one is still being sent and thus we are forced to restart the service.
Please note we're deleting the soon-to-be-expired certificate before importing the new one.
Would you be able to confirm if you are replacing Private Keys or Certificates (Manage Certificates interface) on the gateway? If it is private keys, do they have similar chains or updated chains to other private keys loaded on the gateway?
Director, CA Support
We are replacing both.
- remove private key
- import private key
- remove certificate
- import certificate
- Rebind admin listen port to newly imported alias.
Chains are similar as we are using the same CSR in order to renew the certificate on our corporate PKI.
Are the listen ports using the default SSL key? In that case, a restart of the Gateway would be required.