BYOC Edge v2.5.0 400 on Certificate Rotation

Trying to push a new TLS cert to the BYOC connector. The Resource Center article for BYOC Security Configuration says the /api/v2/boundary/certificates endpoint should handle rotations without downtime, but it’s throwing a 400 Bad Request with INVALID_CERT_CHAIN. We’ve verified the PEM format matches the docs and the intermediate CA is included.

  • Edge Version: v2.5.0
  • Handshake drops at 15 seconds
  • Console logs show the chain as malformed

The API INTEGRATION pipeline usually sidesteps the boundary endpoint entirely. You’ll post the TLS_CERTIFICATE directly to /api/v2/platform/security/certificates. First, encode the PEM_CHAIN as raw base64. Then set ROTATION_POLICY to BYPASS_VALIDATION. The gateway skips the strict chain check. Logs usually flag the timeout first anyway. Adjust the KEEP_ALIVE header.