What should I do if BC reports that the certificate used to identify the BC server (in SSL communication) has expired?


Article ID: KB0091137


| Products | Versions |
| --- | --- |
| TIBCO BusinessConnect | - |
| Not Applicable | - |

Description

Resolution:
To replace the expired certificate:

1) Using the BC administration interface, upload the new private identity to the appropriate store:
- with BC 3.x, this is under Trading Host/Host Identities/Key Identities;
- with BC 5.x, this is under BusinessConnect/Participants/host_participant_name/Credentials/New_Private_Key

(See your BC manual for detailed steps.)


2) Distribute the public certificate associated with this new private identity to your trading partners that use SSL-based communication.
   BC 5.x introduced the concept of a shadow certificate. This allows you to pre-define a cut-over date on which BC switches from the current identity to the newer one. (Please refer to your manual for further details.)


3) If the DMZ component is enabled in your architecture, you MUST regenerate the DMZ component and re-deploy it for this new identity to take effect. If you forget this step, any inbound SSL handshake (e.g. https) will keep using the former server identity.


4) We strongly suggest that you run a quick test at your end to make sure that the changes to the private identity have taken effect.
    Use your preferred browser to connect to your B2B gateway URL, e.g. https://<DMZ Server IP Address>:<Port>
    The DMZ server will present its public certificate.
    Make sure that the newer certificate is presented (e.g. with the new expiration date).
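
The same check as step 4 can be scripted so it can be repeated after each redeployment. The following is an added example, not TIBCO code: it retrieves the certificate the gateway presents and compares its SHA-256 fingerprint with the new certificate you distributed in step 2 (and optionally with the former one, which is what an un-redeployed DMZ component would still present, per step 3). The function names and command-line arguments are hypothetical, and each PEM file is assumed to hold a single certificate.

```python
import hashlib
import socket
import ssl
import sys


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def presented_certificate(host: str, port: int, timeout: float = 10.0) -> bytes:
    """Return the DER certificate the server presents in the TLS handshake."""
    ctx = ssl.create_default_context()
    # Chain validation is off on purpose: the result is compared with a known
    # fingerprint, and an expired or privately issued certificate must still
    # be retrievable so that it can be identified.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def classify(presented_der: bytes, new_pem: str, old_pem: str = "") -> str:
    """Return 'new', 'old' or 'unknown' for the presented certificate."""
    seen = fingerprint(presented_der)
    if seen == fingerprint(ssl.PEM_cert_to_DER_cert(new_pem.strip())):
        return "new"
    if old_pem and seen == fingerprint(ssl.PEM_cert_to_DER_cert(old_pem.strip())):
        return "old"  # former identity still served: check step 3 (DMZ redeploy)
    return "unknown"


def read_text(path: str) -> str:
    with open(path, encoding="ascii") as fh:
        return fh.read()


if __name__ == "__main__":
    # Usage: python check_gateway_cert.py <host> <port> <new_cert.pem> [old_cert.pem]
    host, port, new_path, *rest = sys.argv[1:]
    old_pem = read_text(rest[0]) if rest else ""
    der = presented_certificate(host, int(port))
    result = classify(der, read_text(new_path), old_pem)
    print(f"{host}:{port} presents {result} certificate, sha256={fingerprint(der)}")
    sys.exit(0 if result == "new" else 1)
```

A non-zero exit status means the gateway is not yet presenting the new certificate, so the script can be used as a gate in a deployment checklist.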



**Important note**
There are two types of private identities used in BC to identify your B2B gateway. One is used during inbound SSL-based communication; the other is used for document security (encryption and/or signature). This article refers ONLY to the identity used for SSL-based communication.

Issue/Introduction

What should I do if BC reports that the certificate used to identify the BC server (in SSL communication) has expired?