KB Article #68337

HOWTO: Exchange the Internal CAs between Edge and Backend servers

Problem

How to exchange the Internal CAs of two SecureTransport servers?


Resolution

To exchange the Internal CAs of two ST servers (usually a Backend and an Edge server), export the Backend's CA and import it into the Edge, then export the Edge's CA and import it into the Backend. Follow the steps below:


1. Go to the Admin UI of the Backend, then to the Setup → Certificates → Trusted CAs page.


2. Locate the certificate with alias ca. NOTE: It must be the one labeled as "ca" only.


3. Export it and save it on the local computer.


4. Go to the Admin UI of the Edge, then to the Setup → Certificates → Trusted CAs page. Import the certificate, giving it a meaningful alias, for example "ca-backend".


WARNING: Do NOT import the certificate with alias "ca" (overwriting the existing one), since this will break the certificate chain on the server.


5. Repeat steps 1 to 4, exporting the Edge's CA and importing it in the Backend's Trusted CAs page, again using a meaningful alias, for example "ca-edge".
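
A check that can be run on the local computer between export (step 3) and import (step 4), given here as an added example that is not part of the original article or of SecureTransport. It assumes the exported file is a PEM-encoded X.509 certificate and that openssl is installed; the function names and file names are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check an exported CA file before importing it on the peer.
# Assumes a PEM-encoded X.509 export; all file and function names are hypothetical.

# Print the SHA-256 fingerprint, to compare with the value shown on the source server.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Return 0 if FILE looks safe to import as a trusted CA, non-zero otherwise.
check_ca_export() {
    f=$1
    # A file destined for a trust store must never carry the CA's private key.
    if grep -q 'PRIVATE KEY' "$f"; then echo "REJECT: private key in $f"; return 2; fi
    # The file must parse as an X.509 certificate.
    if ! openssl x509 -in "$f" -noout 2>/dev/null; then
        echo "REJECT: $f is not a certificate"; return 1
    fi
    # A CA certificate carries basicConstraints CA:TRUE.
    if ! openssl x509 -in "$f" -noout -text | grep -q 'CA:TRUE'; then
        echo "REJECT: $f is not a CA certificate"; return 3
    fi
    echo "OK: $f sha256=$(cert_fp "$f")"
}

# Constructed sample input: a throwaway self-signed certificate (CA or leaf).
make_sample() {  # usage: make_sample OUT_PREFIX TRUE|FALSE
    cat > "$1.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = constructed-sample
[ext]
basicConstraints = critical,CA:$2
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1.cnf" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample "$tmp/ca-backend" TRUE
check_ca_export "$tmp/ca-backend.pem"
```

Comparing the printed fingerprint with the one displayed for the same certificate on the exporting server confirms that the file imported under "ca-backend" or "ca-edge" is the one that was exported.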