Upload or renew a Governance CA

Upload a custom Governance CA

You can use a REST API to upload a custom Governance CA. This action pushes the Governance CA to all registered Transfer CFTs, which then have both an old and a new certificate. Additionally, if a Transfer CFT registers with Central Governance after uploading a custom Governance CA, it too gets the new certificate.

You can view the results of this certificate update in the UI on the Administration > Deployments List page.

Note, however, that the upload process does not activate the certificate. See cgcmd configure - u for details on activating the certificate. Be certain to stop Central Governance prior to running the cgcmd configure command.

The REST API command output indicates if the new certificate is valid.

POST /api/v2/configurations/cas



"certificateContent": <New Governance CA. P12 certificate encoded in Base 64>,

"certificatePassword": <certificate password>,

"name": <certificate alias>


See Renew the Governance CA for information on certificate management.

Renew a certificate

The Transfer CFT Governance certificate, which is used for the communication between Transfer CFT and Central Governance, is issued by the Governance CA. If the Governance CA changes, you must update the Transfer CFT Governance certificate on each Transfer CFT.

Use the following command to renew the Transfer CFT Governance certificate on all (listed) Transfer CFTs.

POST api/v2/cft/certificate/governance/renew




Optionally you can supply a renew date using the format: YYYYMMDDHHMMSS (for example, 20190517125500). This defines a UTC date after which Transfer CFT instances will renew certificates. The default renewal time is the current UTC. Refer to the Transfer CFT Users Guide > Certificate renewal for details.

Note For the new Governance CA to be taken into account, you must restart the Copilot server for all Transfer CFT versions except Transfer CFT 3.3.2 SP4.


Central Governance | Document Directory

Related Links