Hi There,
Can someone confirm if it is possible to replace only root certificate in existing chain? Certificate is having 3 certs in chain i.e. Root --> Intermediate --> Leaf.
APIGEE version i am using is 4.19.01 private cloud.
to replace only root certificate in existing chain?
Replace where? In the truststore? Keystore?
if you're speaking of truststores, the recommendation is
In the keystore, it would be the same... you need to install the chain, and probably use a reference, for the same reasons.
So to answer your question: No, don't modify a truststore/keystore. Use a reference, create a new keystore or truststore, and then swap the reference.
if you have all the certificates(root, intermediate, service) in one file then you need to update the file with new root certificate and make a put call to update the certificate with the same alias.
if all files are separately placed then you can just upload the new root certificate and remove the old one.
and