How to renew domain certificate installed on dedicated load balancer for TIBCO Cloud API Management?

book

Article ID: KB0070986

calendar_today

Updated On:

Products	Versions
TIBCO Cloud API Management	-

Description

With the new “Certificate Notification Management”, Support can configure a list of certificates used for an Area and set up expiration notifications.
These notifications will show up on the landing page on the Control Center.

Issue/Introduction

This article describes the process to have a customer provided certificate installed on the dedicated LB created for their area.

Environment

Resolution

Here are the steps to be followed if there is one or more certificate(s) up for renewal.

(1) Please obtain your new Certificate(including Intermediate Certs) and Private Key (in PEM format).

(2) Please mention if you are dropping or adding any new domain/s to the certificate during renewal.

(3) Please create a case when you have your new Certs/Key with the email address where we can send the credential for SFTP for secure transfer.

(4) Once we have the certificate, we will check and confirm that it is good and meets our deployment standards. At that point we hand it over to our operations team for deployment.

(5) Please note that it takes 5 to 7 business days to schedule and deploy the certificates after the above step depending on the operations team's availability.

(6) Our preference is to deploy the certificates during IST business hours, Monday to Thursday.

(7) The case will be updated as soon as the certificate gets deployed so that you can start testing. We will not be able to entertain requests to be on 'stand-by' on a call/webconf during the install process. Our SRE team cannot join a meeting and if required please update the case with a window of time indicating when the renewed certificate should be installed.

(8) We urge you to process this quickly to avoid potential impact to your system on the expiration date indicated above.

PLEASE DO NOT ATTACH KEYS TO THE SALESFORCE CASE.

If you are not the right contact for such a request then please work with your Admin to identify the correct contact or let us know asap. Please also have your Admin indicate if there is any change in Ops and tech contacts for your implementation. Admin can specify the change by opening a case from support.tibco.com.

SSL/TLS certificate expiry has a real traffic impact. It will cause HTTPs calls made to specific domains to fail with 504-TIMEOUT.

We would like to request you to:

(1) Create an email distribution list of contacts within your organization that you believe should be part of these SSL expiry conversations. Best practice is to have one single distribution list (D-list) of operational contacts including security. The same can be used to subscribe to status page notifications (status.cloud.tibco.com).

(2) Contact your TIBCO Support Portal Administrators or log a Case with us to get a user created with that D-list as contact email. Please name the Support contact as SSL_<YourCompantyName>_Mashery so that we can easily identify the SSL contact.

(3) Give that user 'Case Creation' rights and 'Cloud Service Notification' Role for Support portal.

Feedback

thumb_up Yes

thumb_down No

Welcome to "KB Articles"