---
title: Troubleshooting mismatch of self-signed certificates
description: If the ASE certificate is changed after the deployment of the PingIntelligence policy and it doesn't match with the certificate present in the ase.pem certificate file, you might encounter Secure Sockets Layer (SSL)-related issues.
component: pingintelligence
version: 5.2
page_id: pingintelligence:pingintelligence_integrations:pingintelligence_troubleshooting_mismatch_self_signed_certificates
canonical_url: https://docs.pingidentity.com/pingintelligence/5.2/pingintelligence_integrations/pingintelligence_troubleshooting_mismatch_self_signed_certificates.html
revdate: April 3, 2024
section_ids:
  about-this-task: About this task
  steps: Steps
  choose-from: Choose from:
  choose-from-2: Choose from:
---

# Troubleshooting mismatch of self-signed certificates

If the ASE certificate is changed after the deployment of the PingIntelligence policy and it doesn't match with the certificate present in the `ase.pem` certificate file, you might encounter Secure Sockets Layer (SSL) *(tooltip: \<div class="paragraph">
\<p>A protocol for authenticated and encrypted links between networked machines, typically over HTTPS. SSL was deprecated in 1999 in favor of Transport Layer Security (TLS).\</p>
\</div>)*-related issues.

## About this task

To resolve these issues:

## Steps

1. Undeploy the PingIntelligence policy by following either of the two options as applicable:

   ### Choose from:

   * [Undeploy PingIntelligence policy for Flow Hook with self-signed certificate](pingintelligence_apigee_undeploy_policy.html)

   * [Undeploy PingIntelligence policy for Flow Call Out with self-signed certificate](pingintelligence_apigee_undeploy_policy.html)

2. To obtain the correct certificate to match what's in the `ase.pem` file, run the following command.

   ```
   # openssl s_client -showcerts -connect  <ASE IP address>:<port no>  </dev/null 2>/dev/null | openssl x509 -outform PEM > ase.pem
   ```

3. Paste the correct certificate in the `/opt/pingidentity/pi/apigee/certs/ase.pem` file.

4. Redeploy the PingIntelligence policy by following either of the two options as applicable:

   ### Choose from:

   * [Deploy PingIntelligence policy for Flow Hook with self-signed certificate](pingintelligence_apigee_deploy_flow_hook.html)

   * [Deploy PingIntelligence policy for Flow Call Out with self-signed certificate](pingintelligence_apigee_deploy_flow_callout.html)

     |   |                                                                                                                     |
     | - | ------------------------------------------------------------------------------------------------------------------- |
     |   | Make sure that the `ase_ssl` parameter in `/pingidentity/pi/apigee/config/apigee.properties` file is set to `true`. |