We have a certificate used for southbound client authentication (mTLS or mutual authentication) and it’s close to expire. It is into a TLS Keystore in Apigee X. We loaded it into Apigee using a .p12 file with a password. The new certificate which will replace the old one is also a .p12 file with a password.
When we try to upload the new certificate using the “Update Certificate” option, we don’t see any place to put the password of the new certificate. We can only put the new certificate file. If we do that, we receive an error saying “failed to parse x509 certificate”.
Below you can see some screenshots of the process:
It says “You can upload a new PEM file” but the original certificate was not a .pem file, it was a .p12 file, and so is the new file.
If we try to update the certificate using Maven, it just skips the certificate saying it already exists. The only way we found to update a p12 certificate in Apigee X was modifying the Target Server so it doesn’t use the reference to the KeyStore, then deleting the reference, the keystore, and the certificate, so we can upload it cleanly.
Is this intended? Should we convert it to PEM to be able to update it?