Update a TLS certificate

You're viewing Apigee Edge documentation.
Go to the Apigee X documentation.

If a TLS certificate expires, or if your system configuration changes such that the certificate is no longer valid, then you need to update the certificate. The process of updating a certificate depends on your deployment of Edge: cloud or on-premises.

Determine when a cert is due to expire

Typically, you create a new keystore before the current certificate expires, and then update your virtual hosts or target endpoints to use the new keystore so that you can continue to service requests without interruption due to an expired certificate. You can then delete the old keystore after ensuring that the new keystore is working correctly.

To check when a certificate is due to expire, go to:

  • (New Edge UI) Admin > Environments > TLS Keystores
  • (Classic Edge UI) APIs > Environment Configuration > TLS Keystores