Replace expired SAML certificate

Article ID: 169083

Products

Web Security Service - WSS

Issue/Introduction

You received an email stating that the SAML certificate used with your Web Security Service (WSS) account is about to expire.

End users receive exception pages stating that authentication is not allowed. Account has been locked out.
 

Cause

The SAML certificate is about to expire or has already expired.

Environment

Web Security Service

Resolution

You must access the server that hosts Symantec Authentication

  1. Stop the Symantec Auth Connector service.
  2. Delete the certificate in the cloud portal (Service > Authentication > SAML).
  3. Delete the SAML certificate from the Auth install folder. 
  4. Delete the SAML certificate from the certificate store. It is installed under the Personal folder.
  5. Restart the Auth service, which generates a new certificate in the Auth installation folder.
  6. Open the SAML certificate and copy the contents. Do not add spaces or carriage returns after the last dash.
  7. Back on the ThreatPulse portal SAML page, click Add New Certificate. Paste the copied contents in the window. Click OK.
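
As a pre-paste check for steps 4 to 6, the following PowerShell script (an added example, not vendor-supplied code) confirms that the regenerated certificate is currently valid, warns if an expired certificate is still in the Personal store, and puts the text on the clipboard with nothing after the last dash. It assumes the file is a single PEM-encoded certificate and that the Personal store is the local machine's (`Cert:\LocalMachine\My`); `-Path` is whatever file the Auth service wrote in its installation folder.

```powershell
# Added example. Assumptions: PEM-encoded file, LocalMachine\My store.
param(
    [Parameter(Mandatory = $true)]
    [string]$Path   # new certificate file in the Auth installation folder
)

$now = Get-Date

# Step 4 check: list expired certificates still present in the Personal store.
$stale = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.NotAfter -lt $now }
foreach ($c in $stale) {
    Write-Warning "Expired certificate still in Personal store: $($c.Subject) [$($c.Thumbprint)]"
}

# Step 6 check: strip whitespace and line breaks around the PEM text so that
# nothing follows the last dash of the END line.
$pem = [System.IO.File]::ReadAllText($Path).Trim()

$pattern = '\A-----BEGIN CERTIFICATE-----(?<body>[A-Za-z0-9+/=\s]+)-----END CERTIFICATE-----\z'
$match = [regex]::Match($pem, $pattern)
if (-not $match.Success) {
    throw "Not a single PEM certificate block: $Path"
}

# Decode the base64 body and parse it to read the validity period.
$der  = [Convert]::FromBase64String(($match.Groups['body'].Value -replace '\s', ''))
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)

if ($cert.NotBefore -gt $now -or $cert.NotAfter -le $now) {
    throw "Certificate is not currently valid: $($cert.NotBefore) to $($cert.NotAfter)"
}

# Summary to compare against what the portal shows after the upload.
[pscustomobject]@{
    Subject    = $cert.Subject
    Thumbprint = $cert.Thumbprint
    NotBefore  = $cert.NotBefore
    NotAfter   = $cert.NotAfter
    DaysLeft   = [int]($cert.NotAfter - $now).TotalDays
}

# Clipboard now holds the certificate text with no trailing characters.
Set-Clipboard -Value $pem
```

Run it from an elevated PowerShell session on the server after step 5, then paste into the Add New Certificate window in step 7.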