DataPower


Adding both existing and new version of wild card certificate to validation credential object

  • 1.  Adding both existing and new version of wild card certificate to validation credential object

    Posted Wed May 08, 2024 05:27 AM

    We have a scenario where multiple backend URLs of DP use the same wildcard certificate for the TLS handshake. Now we have a new version of the wildcard certificate available, since the existing certificate is expiring soon. We need to trust both the existing version and the new version of the wildcard certificate, since the backend applications are updating to the newer version of the certificate on different timelines. Can we have both the existing and the new version of the wildcard certificate added to the same validation credential object, to make sure DP is able to trust both the existing and the new version of the wildcard certificate until all backend applications migrate to the newer wildcard certificate?



    ------------------------------
    Raj
    Datapower admin
    ------------------------------


  • 2.  RE: Adding both existing and new version of wild card certificate to validation credential object

    IBM Champion
    Posted Wed May 08, 2024 10:13 AM

    Yes, and this isn't as uncommon as it might seem.

    You might run into one problem, however, and that is if the old version expires before migration is complete.

    So, take a look at 2 things: First, the validation credential's "Check Dates" property. You may have to set that to 'off'. Second, the "Ignore Expiration Dates" property of the old certificate object, which you may have to set to 'on' to prevent the validation credential and the certificate from going down after expiration.

    Neither of the above two steps is required if the old certificate never expires, but if you do set those properties, don't forget to revert the "Check Dates" property of the validation credential back to 'on' once you remove the old certificate object post migration.



    ------------------------------
    Joseph Morgan
    ------------------------------