---
title: Retiring the old certificate
description: Retire the old certificate when it has expired by removing it from the topology registry.
component: pingdirectory
version: 9.3
page_id: pingdirectory:pingdatametrics_server_administration_guide:pd_met_retire_old_cert
canonical_url: https://docs.pingidentity.com/pingdirectory/9.3/pingdatametrics_server_administration_guide/pd_met_retire_old_cert.html
revdate: September 13, 2023
section_ids:
  about-this-task: About this task
  steps: Steps
---

# Retiring the old certificate

Retire the old certificate when it has expired by removing it from the topology registry.

## About this task

All existing encrypted backups and LDIF exports are not affected because the public key in the old and new server certificates are the same, and the private key will be able to decrypt them.

## Steps

* To retire the old certificate, run the commands:

  ```shell
  $ cat new-ads.crt intermediate.crt root-ca.crt > chain.crt
  ```

  ```shell
  $ bin/dsconfig -n set-server-instance-prop \
    --instance-name <instance-name> \
    --set "inter-server-certificate<chain.crt"
  ```