Recommended approach to renew an expiring sign certificate in AdminUI

book

Article ID: 108733

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On SITEMINDER

Issue/Introduction

 

When running Siteminder Federation, what is the recommended way to renew a signing certificate that is about to expire?

 

Resolution

 

To renew a certificate that is about to expire, update the certificate by using the "ACTION" button and then "Update Certificate" in the X509 Certificate Management section. This should suffice in updating the certificate to a new one. 

However, AdminUI might report that the "Public Key" from the new certificate is not the same as the existing one.

If the new certificate has a different key, the steps to use this new certificate would be different. 

  1. Import the new certificate with a different alias name.
  2. Then deactivate the Partnership to assign this new alias name for signature verification. 
  3. Then activate the partnership.