Add certificates to gateways before upgrading API Connect

Add new certificates to your DataPower® Gateway servers before upgrading IBM® API Connect.

About this task

Before upgrading your API Connect deployment to 5.0.8.7 iFix 4 or later, you must add two new certificates to all of your DataPower Gateway servers to ensure that analytics events data is not lost during the upgrade. If you skip this step, the upgrade will be successful but you will lose analytics event records spanning the time when the management servers start up at the upgraded level until each Gateway server is removed and re-added after the upgrade.

Attention: This is a one-time task and does not need to be repeated with subsequent upgrades.

Procedure

  1. In API Connect, use the Cloud Manager to locate your DataPower domain.
    1. Log in to the Cloud Manager console and click Services.
    2. In the DataPower Services pane, click Service Settings to open the Service Settings page, and note the DataPower domain.
  2. For each Gateway server, select a method (UI or CLI) for adding the certificates to the server.
    Remember: Add the new certificates to every Gateway server in the domain.

    UI: Use the DataPower console to complete the following steps:

    1. Log in to the DataPower Gateway console.

      For the Domain field, select the domain that you obtained in Step 1. For the Graphical Interface field, select Blueprint Console.

    2. In the main navigation list, click Network to open the Network page.
    3. In the Network navigation list, expand Other and click Load Balancer Group.
    4. In the list of load balancer groups, click analytics-lb.
    5. In the Load Balancer Group analytics-lb tree, expand SSL Client Profile api-sslcli-x2020 and select Crypto Validation Credentials 2020_valcred.
    6. In the "Certificates" section, retain the x2020_pubcert certificate and add the following new certificates:
      • webapi-mgmt-client-intermediatecert
      • webapi-mgmt-client-rootcert
      Crypto validation credentials
    7. Click Apply.
    8. Review your configuration and save your changes.

    CLI: Use the DataPower command-line interface to complete the following steps:

    1. Log in to the DataPower CLI.
    2. Execute the following command to add two new certificates to the server:

      Use the domain from Step1 as the value for the switch setting.

      co; switch APIMgmt_BC0F2A1833 ; crypto; valcred x2020_valcred; certificate webapi-mgmt-client-intermediatecert; certificate webapi-mgmt-client-rootcert; exit; exit
    3. Review your configuration and then save your changes with the following command: 
      write memory
    4. Run the following command to end the CLI session: 
      exit; exit
    Remember: Add the new certificates to every Gateway server in the domain.

What to do next

Proceed to upgrade your API Connect deployment as explained in Upgrading your API Connect solution.