ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

What is the recommended approach to renew a Federation signing certificate that is about to expire?


Article ID: 108733


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


We are currently using Siteminder Federation in our enterprise. 

What is the recommended way to renew signing certificate that is about to expire?


SSO 12.52.x 


If you want to renew a certificate that is about to expire, you can update the certificate by using the "ACTION" button and then "Update Certificate" at the X509 Certificate Management section. This should suffice in updating the certificate to a new one. 

However, the Adminui might report that the "Public Key" from the new certificate is not the same as the existing one. 

If you were to get a new certificate with a different key, the steps to use this new certificate would be different. 

1) You will need to import the new certificate with the different alias name. 
2) Then deactivate the Partnership to assign this new alias name for signature verification. 
3) Then activate the partnership.