diff --git a/charts/pega/README.md b/charts/pega/README.md
index 2b7601354..75ff5f1ff 100644
--- a/charts/pega/README.md
+++ b/charts/pega/README.md
@@ -1167,7 +1167,7 @@ Parameter | Description | Default value
 `service.tls.traefik.insecureSkipVerify` | Set to `true` to skip verifying the certificate; do this in cases where you do not need a valid root/CA certificate but want to encrypt load balancer traffic. Leave the setting to `false` to both verify the certificate and encrypt load balancer traffic. | `false` ##### Important Points to note -- By default, Pega provides a self-signed keystore and a custom root/CA certificate in Helm chart version `2.2.0`. To use the default keystore and CA certificate, leave the parameters service.tls.keystore, service.tls.keystorepassword and service.tls.cacertificate empty. +- By default, Pega provides a self-signed keystore and a custom root/CA certificate in Helm chart version `2.2.0`. To use the default keystore and CA certificate, leave the parameters service.tls.keystore, service.tls.keystorepassword and service.tls.cacertificate empty. The default keystore and CA certificate expire on 25/12/2025. - To enable SSL, you must either provide a keystore with a keystorepassword or certificate, certificatekey and cacertificate files in PEM format. If you do not provide either, the deployment implements SSL by passing a Pega-provided default self-signed keystore and a custom root/CA certificate to the Pega web nodes. - The CA certificate can be issued by any valid Certificate Authorities or you can also use a self-created CA certificate with proper chaining. - To avoid exposing your certificates, you can use external secrets to manage your certificates. Pega also supports specifying the certificate files using the certificate parameters in the Pega values.yaml. To pass the files using these parameters, you must encode the certificate files using base64 and then enter the string output into the appropriate certificate parameter.
diff --git a/charts/pega/charts/hazelcast/values.yaml b/charts/pega/charts/hazelcast/values.yaml
index 56079d303..f7d7cad8e 100644
--- a/charts/pega/charts/hazelcast/values.yaml
+++ b/charts/pega/charts/hazelcast/values.yaml
@@ -39,7 +39,8 @@ client:
 # Server side settings for Hazelcast server: java_opts: "-XX:MaxRAMPercentage=80.0 -XX:InitialRAMPercentage=80.0 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/opt/hazelcast/logs/heapdump.hprof - -XX:+UseParallelGC -Xlog:gc*,gc+phases=debug:file=/opt/hazelcast/logs/gc.log:time,pid,tags:filecount=5,filesize=3m -XshowSettings:vm" + -XX:+UseG1GC -XX:NewRatio=3 -XshowSettings:vm -XX:InitiatingHeapOccupancyPercent=45 + -Xlog:gc*,gc+phases=debug:file=/opt/hazelcast/logs/gc.log:time,pid,tags:filecount=5,filesize=3m" jmx_enabled: "true" health_monitoring_level: "OFF" operation_generic_thread_count: ""
diff --git a/charts/pega/charts/installer/templates/_pega-installer-job.tpl b/charts/pega/charts/installer/templates/_pega-installer-job.tpl
index 5e15023f7..683a6ec82 100644
--- a/charts/pega/charts/installer/templates/_pega-installer-job.tpl
+++ b/charts/pega/charts/installer/templates/_pega-installer-job.tpl
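Review bot: `-XX:InitiatingHeapOccupancyPercent=45` on the new `java_opts` line is the JVM's default value for that flag, and with adaptive IHOP (enabled by default on G1) it is only the starting estimate, so as written it changes nothing and documents nothing; either drop it or state the intent in a comment above `java_opts`, e.g. `# G1 tuning: <reason the IHOP start value is pinned>`. Switching the Hazelcast nodes from ParallelGC to G1 is a runtime behaviour change that also deserves a one-line `#` comment giving the motivation. The full option string is asserted verbatim in terratest's clustering-service-environment-config_test.go hunk further down, so the two places must always be edited together; a comment pointing at that test would save the next maintainer a failed CI run.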
@@ -63,6 +63,9 @@ spec:
 {{- $d := dict "deploySecret" "deployDBSecret" "deployNonExtsecret" "deployNonExtDBSecret" "extSecretName" .root.Values.global.jdbc.external_secret_name "nonExtSecretName" "pega-db-secret-name" "context" .root -}} {{ include "secretResolver" $d | indent 10}} + {{- $artifactoryDict := dict "deploySecret" "deployArtifactorySecret" "deployNonExtsecret" "deployNonExtArtifactorySecret" "extSecretName" .root.Values.global.customArtifactory.authentication.external_secret_name "nonExtSecretName" "pega-custom-artifactory-secret-name" "context" .root -}} + {{ include "secretResolver" $artifactoryDict | indent 10}} + # Fix it, Below peace of code always uses secret created from hz username & password. It cannot resolve hz external secret due to helm sub chart limitations. Modify it once hazelcast deployment is isolated. {{- if ( eq .root.Values.upgrade.isHazelcastClientServer "true" ) }} - secret:
diff --git a/charts/pega/config/certs/pegaca.crt b/charts/pega/config/certs/pegaca.crt
index 0d9fbf3f8..709ac99e2 100644
--- a/charts/pega/config/certs/pegaca.crt
+++ b/charts/pega/config/certs/pegaca.crt
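Review bot: The new `$artifactoryDict` dereferences `.root.Values.global.customArtifactory.authentication.external_secret_name` with no guard; unless the chart's default values (not in this diff) define the whole `global.customArtifactory.authentication` block, every render that does not configure a custom artifactory fails with a nil-pointer evaluation error, so either confirm that default exists or make the lookup tolerant, e.g. `(dig "customArtifactory" "authentication" "external_secret_name" "" .root.Values.global)` as the `extSecretName` value. The added `# Fix it, Below peace of code ...` line is a plain `#` inside the template, so it is emitted into every rendered Job manifest as a YAML comment; make it a template comment (`{{- /* FIXME: ... */ -}}`) so it stays in chart source only, and fix "peace" to "piece". The enclosing template continues outside the hunk.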
@@ -1,13 +1,21 @@
 -----BEGIN CERTIFICATE-----
-MIIB+DCCAZ8CFG8/fDwY/1tqXeTTzOkWL1mZ2wO3MAoGCCqGSM49BAMCMH8xCzAJ
-BgNVBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRzMRIwEAYDVQQHDAlDYW1i
-cmlkZ2UxGDAWBgNVBAoMD1BlZ2FzeXN0ZW1zIEluYzEZMBcGA1UECwwQQ2xvdWRF
-bmdpbmVlcmluZzEPMA0GA1UEAwwGcGVnYWNhMB4XDTIyMDUyNDExMDYzM1oXDTIz
-MDUyNDExMDYzM1owfzELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1c2V0
-dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEYMBYGA1UECgwPUGVnYXN5c3RlbXMgSW5j
-MRkwFwYDVQQLDBBDbG91ZEVuZ2luZWVyaW5nMQ8wDQYDVQQDDAZwZWdhY2EwWTAT
-BgcqhkjOPQIBBggqhkjOPQMBBwNCAASk58j/K3IzPUnsQxSrQ0LgstNaefjUneFa
-ewnBu1m2mMIIy1yEq66cai/o+95w0rzeHoaAhklxN9p3l2GIHbTwMAoGCCqGSM49
-BAMCA0cAMEQCIGHZKwtq7j7Avnq+0XakpFM6HNTBqLDCsWaegh379hElAiApObu8
-eLrNeUHdLylqMQ4dG/jSz17ovhOwgBu9A72dog==
+MIIDgTCCAmmgAwIBAgIEbZW6yjANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJJ
+TjESMBAGA1UECBMJVGVsYW5nYW5hMRIwEAYDVQQHEwlIeWRlcmFiYWQxFDASBgNV
+BAoTC1BlZ2FzeXN0ZW1zMQ0wCwYDVQQLEwRQZWdhMRUwEwYDVQQDEwxQZWdhIFN5
+c3RlbXMwHhcNMjMxMjI2MTIxMDE2WhcNMjUxMjI1MTIxMDE2WjBxMQswCQYDVQQG
+EwJJTjESMBAGA1UECBMJVGVsYW5nYW5hMRIwEAYDVQQHEwlIeWRlcmFiYWQxFDAS
+BgNVBAoTC1BlZ2FzeXN0ZW1zMQ0wCwYDVQQLEwRQZWdhMRUwEwYDVQQDEwxQZWdh
+IFN5c3RlbXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsATXTQFvw
+NQtJwHPZRiCCdniD+416heVzdPT5LKLzRouiFKoq9mu449nQAzYDtYhpHhlDmgMO
+hICthhNCO2d0OWN3mJatrI9d2F8N0iJD5YH+MyaEdDZzGg/eOAVredrLxQ+jf0FY
+CtKxfPdRepdz2QfVs6O0wMDGusEH0uY9GSDnJT85sdTbbALTq+AJJGZhV9cAu3BF
+BLbx2RR4V5G9NjvkjaiZQFGrBOlvm7sRhhgDAWvZu4dMspeum/dDUkHu1nIjFuXx
+Jsg9ERUvmQWD3Xocs1wSACW41IL+OkMZ5awKSUgxpktoIXm+TZW4+uKVndGn0RSo
+TKktJuT+yD5FAgMBAAGjITAfMB0GA1UdDgQWBBRVJZ0CLMWYWSw7LuEGnLUTx3MN
+CzANBgkqhkiG9w0BAQsFAAOCAQEAKWSg7en7tHfOFlN1Ae0cZk1DHW9y8OwFpmrM
+zgGjkM03VZHPh9orF++evFKcF2EyBKK34xD5CNEUH+WUAxe+vf6+u0Z/6Ru3Zhhs
+3POKnUFoWqzioBJOXlz1xmtbhvjT1waZd2Lg0a1yhsk2fRIYk/vpIUqbWtMrporE
+nyUsR7NOeMrj5pQiu8SpX3OgtKhVhkdG46wS9SnkpPLOOGyEyQ8ou9j/gG97Mzpz
+jH4dmMoYc4YDMw0aLFIDHoINqA9fHZznGLXnkO959r9cWGDqUZH/tSyYE5Qy5D7w
+6fT429bmovOShexqCRrzLciDPqdg7X5/YWAXXuGJlM0JYO4giQ==
 -----END CERTIFICATE-----
diff --git a/charts/pega/config/certs/pegakeystore.jks b/charts/pega/config/certs/pegakeystore.jks
index 7245c730b..91cc451cb 100644
Binary files a/charts/pega/config/certs/pegakeystore.jks and b/charts/pega/config/certs/pegakeystore.jks differ
diff --git a/docs/Deploying-Pega-on-EKS.md b/docs/Deploying-Pega-on-EKS.md
index 72092a046..7a7978971 100644
--- a/docs/Deploying-Pega-on-EKS.md
+++ b/docs/Deploying-Pega-on-EKS.md
@@ -8,6 +8,10 @@ Pega helps enterprises and agencies quickly build business apps that deliver the
 Create a deployment of Pega Platform on which you can implement a scalable Pega application in a EKS cluster. You can use this deployment for a Pega Platform development environment. By completing these procedures, you deploy Pega Platform on a EKS cluster with a Amazon RDS database instance and two clustered virtual machines (VMs). +*The following diagram shows how Pega Infinity 8.7 can be deployed on AWS with EKS* +![Overview of EKS Pega Deployment](media/deploying-pega-on-eks.png) + + ## Deployment process overview Use Kubernetes tools and the customized orchestration tools and Docker images to orchestrate a deployment in a EKS cluster that you create for the deployment:
diff --git a/docs/media/deploying-pega-on-eks.png b/docs/media/deploying-pega-on-eks.png
new file mode 100644
index 000000000..1a2424e92
Binary files /dev/null and b/docs/media/deploying-pega-on-eks.png differ
diff --git a/terratest/src/test/pega/clustering-service-environment-config_test.go b/terratest/src/test/pega/clustering-service-environment-config_test.go
index cca1a2c0f..2468a358e 100644
--- a/terratest/src/test/pega/clustering-service-environment-config_test.go
+++ b/terratest/src/test/pega/clustering-service-environment-config_test.go
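Review bot: The replacement pegaca.crt decodes to a v3 self-signed certificate (identical issuer and subject, `C=IN, ..., CN=Pega Systems`) whose only extension is subjectKeyIdentifier — the `a3 21 30 1f 30 1d 06 03 55 1d 0e` sequence in the `+TKktJuT+yD5F...` line — so it carries neither basicConstraints CA:TRUE nor keyUsage keyCertSign, although the README presents it as the root/CA certificate; some verifiers may refuse a v3 certificate without those extensions as an issuer, so if it is meant to validate a separately issued server certificate rather than just itself, regenerate it with both extensions set. Its validity decodes to 2023-12-26 through 2025-12-25 (matching the README's expiry note), while the removed certificate had expired on 2023-05-24, so the default TLS path was already broken for months before this change; with another two-year lifetime the same outage recurs, and a terratest case that parses `charts/pega/config/certs/pegaca.crt` and fails when NotAfter is within a few weeks of `time.Now()` would catch it before release. The key type also changes from ECDSA P-256 (v1 certificate, `CN=pegaca`) to RSA-2048/SHA-256, which is fine but worth noting in the commit message for anyone pinning the old subject or key.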
@@ -49,7 +49,7 @@ func VerifyClusteringServiceEnvironmentConfig(t *testing.T, yamlContent string,
 UnmarshalK8SYaml(t, statefulInfo, &clusteringServiceEnvConfigMap) clusteringServiceEnvConfigData := clusteringServiceEnvConfigMap.Data require.Equal(t, clusteringServiceEnvConfigData["NAMESPACE"], "default") - require.Equal(t, clusteringServiceEnvConfigData["JAVA_OPTS"], "-XX:MaxRAMPercentage=80.0 -XX:InitialRAMPercentage=80.0 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/opt/hazelcast/logs/heapdump.hprof -XX:+UseParallelGC -Xlog:gc*,gc+phases=debug:file=/opt/hazelcast/logs/gc.log:time,pid,tags:filecount=5,filesize=3m -XshowSettings:vm") + require.Equal(t, clusteringServiceEnvConfigData["JAVA_OPTS"], "-XX:MaxRAMPercentage=80.0 -XX:InitialRAMPercentage=80.0 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/opt/hazelcast/logs/heapdump.hprof -XX:+UseG1GC -XX:NewRatio=3 -XshowSettings:vm -XX:InitiatingHeapOccupancyPercent=45 -Xlog:gc*,gc+phases=debug:file=/opt/hazelcast/logs/gc.log:time,pid,tags:filecount=5,filesize=3m") require.Equal(t, clusteringServiceEnvConfigData["SERVICE_NAME"], "clusteringservice-service") require.Equal(t, clusteringServiceEnvConfigData["MIN_CLUSTER_SIZE"], "3") require.Equal(t, clusteringServiceEnvConfigData["JMX_ENABLED"], "true")
diff --git a/terratest/src/test/pega/pega-installer-job_test.go b/terratest/src/test/pega/pega-installer-job_test.go
index 73dd54ff7..0846188d3 100644
--- a/terratest/src/test/pega/pega-installer-job_test.go
+++ b/terratest/src/test/pega/pega-installer-job_test.go
@@ -19,6 +19,7 @@ type pegaDbJob struct {
 } var volDefaultMode int32 = 420 +var customArtifactorySecret = "artifactory_secret" var volDefaultModePointer = &volDefaultMode func TestPegaInstallerJob(t *testing.T) {
@@ -36,11 +37,12 @@ func TestPegaInstallerJob(t *testing.T) {
 for _, pullPolicy := range imagePullPolicy { var options = &helm.Options{ SetValues: map[string]string{ - "global.deployment.name": depName, - "global.provider": vendor, - "global.actions.execute": operation, - "installer.imagePullPolicy": pullPolicy, - "installer.upgrade.upgradeType": "zero-downtime", + "global.deployment.name": depName, + "global.provider": vendor, + "global.actions.execute": operation, + "global.customArtifactory.authentication.external_secret_name": customArtifactorySecret, + "installer.imagePullPolicy": pullPolicy, + "installer.upgrade.upgradeType": "zero-downtime", }, } yamlContent := RenderTemplate(t, options, helmChartPath, []string{"charts/installer/templates/pega-installer-job.yaml"})
@@ -114,6 +116,7 @@ func assertJob(t *testing.T, jobYaml string, expectedJob pegaDbJob, options *hel
 require.Equal(t, jobSpec.Volumes[0].Name, "pega-installer-credentials-volume") require.Equal(t, jobSpec.Volumes[0].VolumeSource.Projected.Sources[0].Secret.Name, getObjName(options, "-db-secret")) + require.Equal(t, jobSpec.Volumes[0].VolumeSource.Projected.Sources[1].Secret.Name, customArtifactorySecret) require.Equal(t, jobSpec.Volumes[0].VolumeSource.Projected.DefaultMode, volDefaultModePointer) require.Equal(t, jobSpec.Volumes[1].Name, "pega-volume-installer") if jobSpec.Volumes[1].VolumeSource.ConfigMap.LocalObjectReference.Name == "pega-install-config" {
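Review bot: Every `options` rendered in TestPegaInstallerJob now sets `global.customArtifactory.authentication.external_secret_name`, so the new `Sources[1]` assertion in assertJob only exercises the external-secret branch of the installer template; the branch where `secretResolver` falls back to the chart-managed `nonExtSecretName` is never rendered, and a missing default for that values block would not be noticed by this test. Add one iteration (or a separate test) that omits the key and asserts whatever name the chart generates in that case. Also put `require.Len(t, jobSpec.Volumes[0].VolumeSource.Projected.Sources, 2)` before the `Sources[1]` access so a template regression that drops the second projected source fails with a message instead of an index-out-of-range panic. assertJob's body continues outside the hunk.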