Is there a required process to add or update an SSO certificate?
When updating an expiring SSO certificate, or adding a new secondary certificate, the customer MUST open a support case at https://casupport.broadcom.com
The customer needs to send the certificate in one of the following formats: .txt, .crt, .cert, or .html, or send a complete metadata file in an .xml format, which includes the new certificate.
For more information please refer to the SSO setup in the Agile Central help pages. https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/agile-development-and-management/rally-platform-ca-agile-central/rally/getting-started-top/administrators-how-set-rally/technical-overview-implementing-single-sign-on.html
The PingFederate server used by Broadcom where connections are configured can have up to 2 certificates in use at any one time. Either of these (primary or secondary) certificates can be utilized depending on the certificate being sent in the SAML response form the customer. In most cases new certificates are imported as the secondary certificate. When and if the primary certificate expires the secondary certificate will then automatically be used and validated against beyond the expiration of the primary certificate. The validation process is seamless and it is unnecessary to remove or inactivate an expiring certificate as long as its' replacement is configured as a secondary.