BUG-835374: Updating expired default keystore and CA certificate (pegasystems#689)

* Updating default keystore and CA certificate as they are expired

---------

Co-authored-by: Arva <srikanth.arva@in.pega.com>
arvasrikanth and Arva authored Jan 3, 2024
1 parent 7442028 commit d44491c
Showing 3 changed files with 20 additions and 12 deletions.
2 changes: 1 addition & 1 deletion charts/pega/README.md
Expand Up @@ -1165,7 +1165,7 @@ Parameter | Description | Default value
`service.tls.traefik.insecureSkipVerify` | Set to `true` to skip verifying the certificate; do this in cases where you do not need a valid root/CA certificate but want to encrypt load balancer traffic. Leave the setting to `false` to both verify the certificate and encrypt load balancer traffic. | `false`

##### Important Points to note
- By default, Pega provides a self-signed keystore and a custom root/CA certificate in Helm chart version `2.2.0`. To use the default keystore and CA certificate, leave the parameters service.tls.keystore, service.tls.keystorepassword and service.tls.cacertificate empty.
- By default, Pega provides a self-signed keystore and a custom root/CA certificate in Helm chart version `2.2.0`. To use the default keystore and CA certificate, leave the parameters service.tls.keystore, service.tls.keystorepassword and service.tls.cacertificate empty. The default keystore and CA certificate expire on 25/12/2025.
- To enable SSL, you must either provide a keystore with a keystorepassword or certificate, certificatekey and cacertificate files in PEM format. If you do not provide either, the deployment implements SSL by passing a Pega-provided default self-signed keystore and a custom root/CA certificate to the Pega web nodes.
- The CA certificate can be issued by any valid Certificate Authorities or you can also use a self-created CA certificate with proper chaining.
- To avoid exposing your certificates, you can use external secrets to manage your certificates. Pega also supports specifying the certificate files using the certificate parameters in the Pega values.yaml. To pass the files using these parameters, you must encode the certificate files using base64 and then enter the string output into the appropriate certificate parameter.
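Review bot: the added bullet's expiry date "25/12/2025" is ambiguous between day-first and month-first readings and is the only place the new certificate's validity is recorded; write it unambiguously (for example `2025-12-25`) and state it as the validity end of both the keystore entry and `pegaca.crt`. Since the bundled root/CA certificate is being replaced, a reader who imported the previous `pegaca.crt` into a trust store to keep `service.tls.traefik.insecureSkipVerify` at `false` will start failing verification after upgrading; a sentence telling them to re-import the new CA (or, for production, to supply their own keystore and CA via the parameters the next bullets describe) would avoid that surprise.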
30 changes: 19 additions & 11 deletions charts/pega/config/certs/pegaca.crt
@@ -1,13 +1,21 @@
-----BEGIN CERTIFICATE-----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MIIDgTCCAmmgAwIBAgIEbZW6yjANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJJ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-----END CERTIFICATE-----
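Review bot: the new `pegaca.crt` appears here only as an opaque PEM body (13 lines to 21 lines) and the matching `pegakeystore.jks` change is a binary blob that is not shown, so nothing in the diff lets a reviewer confirm that the new CA actually signs the certificate in the keystore, what subject and SANs it carries, or that it expires on 25/12/2025 as the README change claims. Please paste the output of `openssl x509 -in charts/pega/config/certs/pegaca.crt -noout -subject -dates -fingerprint -sha256` and a `keytool -list -v -keystore charts/pega/config/certs/pegakeystore.jks` summary into the PR description so the chain and expiry can be checked, and record the SHA-256 fingerprint in the README so operators can verify what they are trusting. It is also worth stating in the README that because this keystore is committed to the chart repository its private key is shared by every deployment that keeps the defaults, so the bundled pair is for evaluation only and production deployments should supply their own.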
Binary file modified charts/pega/config/certs/pegakeystore.jks
Binary file not shown.

0 comments on commit d44491c
