search cancel

Recommended approach to renew an expiring sign certificate in AdminUI


Article ID: 108733


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On SITEMINDER



When running Siteminder Federation, what is the recommended way to renew a signing certificate that is about to expire?




To renew a certificate that is about to expire, update the certificate by using the "ACTION" button and then "Update Certificate" in the X509 Certificate Management section. This should suffice in updating the certificate to a new one. 

However, AdminUI might report that the "Public Key" from the new certificate is not the same as the existing one.

If the new certificate has a different key, the steps to use this new certificate would be different. 

  1. Import the new certificate with a different alias name.
  2. Then deactivate the Partnership to assign this new alias name for signature verification. 
  3. Then activate the partnership.