Regenerate Expired Keys
Private keys in the CA API Gateway usually have a lifetime of five years. These keys do not require regeneration prior to their expiration date unless the Gateway host name or the cluster host name changes within the active period.
To regenerate an expired key, use the Manage Private Keys task. This allows you to create any number of keys and designate one to be the default SSL or default CA key.
When a CA key is regenerated, certificates issued by a previous CA are still valid. All new certificates are issued with the new CA key.
If both the CA and SSL keys require regeneration, you must perform the following steps:
- Refresh any Gateway or back-end service that used the old SSL certificate or CA certificate to set up a trust relationship.
- Update any affected Federated Identity Provider to use the new certificates. Use Step 2 of the Federated Identity Provider Wizard to remove the old certificates and add the new ones.
A default SSL key is automatically created the first time the Gateway is started. A default CA key is not created. For more information, see Configuring a CA Key for the Cluster to determine if you need one.
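The two conditions this page names for regeneration (expiry, or a changed Gateway or cluster host name) can be checked from the command line. The script below is an added example, not CA code: it assumes the certificate has been exported to a PEM file and that the `openssl` CLI is installed, and `key_status`, `make_demo_cert` and the `gw1.example.com` names are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code). Classifies a certificate exported as PEM:
#   unreadable         - file is missing or is not a certificate
#   expiring           - notAfter falls inside the warning window
#   hostname-mismatch  - certificate does not cover the given host name
#   ok                 - neither regeneration condition applies
# Usage: key_status CERT_PEM HOSTNAME [WARN_DAYS]   (WARN_DAYS defaults to 30)
key_status() {
    cert=$1; host=$2; warn_days=${3:-30}
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo unreadable
    # -checkend N exits non-zero when the certificate expires within N seconds.
    elif ! openssl x509 -in "$cert" -noout \
            -checkend $((warn_days * 86400)) >/dev/null 2>&1; then
        echo expiring
    # -checkhost prints "does NOT match certificate" on a mismatch
    # (subjectAltName is used when present, otherwise the subject CN).
    elif openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null \
            | grep -q 'does NOT match'; then
        echo hostname-mismatch
    else
        echo ok
    fi
}

# Constructed sample input: a throwaway self-signed certificate.
# Usage: make_demo_cert OUT_PEM COMMON_NAME DAYS
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" \
        -out "$1" -subj "/CN=$2" -days "$3" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_demo_cert "$demo_dir/ssl.pem" gw1.example.com 365
key_status "$demo_dir/ssl.pem" gw1.example.com       # host name unchanged
key_status "$demo_dir/ssl.pem" gw2.example.com       # host name changed
key_status "$demo_dir/ssl.pem" gw1.example.com 400   # 400-day warning window
rm -rf "$demo_dir"
```

Run the same check against the CA certificate as well, since the steps above differ when both keys need regeneration.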