Updating Expiring Certificates

During the connection process, API Experience Hub generates self-signed certificates that expire in one year.

One of these self-signed certificates links the Anypoint Platform organization and the Salesforce organization. The certificate and the private key are stored in Secrets Manager in Anypoint Security. When this certificate expires, no notification is sent to the administrator of the Salesforce instance. However, the initial connection between Anypoint Platform and Salesforce remains operational. The next time the administrator logs in to API Experience Hub, an error message displays a connection error and enables the administrator to reconnect. When the administrator logs back in to API Experience Hub, a new certificate generates automatically with a one-year expiration time.

API Experience Hub uses the Salesforce Metadata API to generate an Anypoint certificate during the connection process. The connected app uses this certificate to access metadata content from Anypoint. This certificate is also valid for one year. The administrator of the Salesforce instance receives an email 30 days before the certificate expires. Because a named credential uses the Anypoint certificate, you can’t delete the certificate.

Before getting started, ensure you have the API Experience Hub Administrator permissions.

To generate a new Anypoint certificate: