Improving the IBM B2Bi Sterling Integrator logic when a system certificate expires

The B2Bi Sterling Integrator product does not seamlessly pick up or scan the system (netmap or adapters) for a new/valid certificate after a CA expires.

As an IBM customer and a long term B2B Sterling Integrator consumer, on two separate occasions in my environment there have been system certificates that have been renewed in good time ahead of an upcoming expiry.

The certificate was renewed, in this sense in our environment we migrated from CA7 to CA8 in production. We did not remove the CA7 certificate from the associated adapters or netmap configuration, but the new CA8 certificate was present across all of the required locations.

The reason we did not remove the CA7 certificate from our production environment, was because we have interfacing systems and consumers of our product offering which had not yet migrated over to CA7 (we have approx. 30 or 40) consumers, who either send or receive traffic to my B2Bi Sterling Integrator instance.

Unfortunately the CA7 certificate expired in production on 24th May at 00:59, at which point the system did not acknowledge or even pick up the valid and installed CA8 certificate in our environment. This led to a major production level outage across our business and impacted our customers globally.

My ask/idea to IBM here is to review the B2Bi Sterling Integrator logic when a system certificate expires, there should be a way the system can automatically scan the available/installed certificates in order to secure a connection with a Connect Direct partner.

The response from IBM today is that the product is working as per design - when as a customer, we must remove the CA7 certificate from all of the associated Connect Direct adapters and netmap configurations and restart, before the new CA8 certificate would be used for connectivity and file transfer.