--- title: Updating the server configuration to use the new certificate description: Before updating the server to use the appropriate key pair, update the listener-certificate property for the server instance's LDAP listener in the topology registry. component: pingauthorize version: 11.0 page_id: pingauthorize:pingauthorize_server_administration_guide:paz_update_config_new_cert canonical_url: https://docs.pingidentity.com/pingauthorize/11.0/pingauthorize_server_administration_guide/paz_update_config_new_cert.html revdate: June 13, 2024 section_ids: about-this-task: About this task steps: Steps --- # Updating the server configuration to use the new certificate Before updating the server to use the appropriate key pair, update the `listener-certificate` property for the server instance's LDAP listener in the topology registry. ## About this task To support the transition from an existing certificate to a new one, earlier and newer certificates might appear within their own beginning and ending headers in the `listener-certificate` property. To update the server configuration to use the new certificate, perform the following steps: ## Steps 1. Export the server's previous `server-cert` into `old-server-cert.crt`. ``` manage-certificates export-certificate \ --keystore keystore \ --keystore-password-file keystore.pin \ --alias server-cert \ --output-file old-server-cert.crt ``` 2. Concatenate the previous and new certificate into one file. On Windows, use a text editor like Notepad. On Unix, use the following command. ``` cat old-server-cert.crt new-server-cert.crt > old-new-server-cert.crt ``` 3. Use `dsconfig` to update the `listener-certificate` property for the server instance's LDAP listener in the topology registry. ```shell $ bin/dsconfig -n set-server-instance-listener-prop \ --instance-name \ --listener-name ldap-listener-mirrored-config \ --set "listener-certificate