
Using signed cert for SAML keystore


Article ID: 186623


Products

NIMSOFT PROBES
DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

Are we able to use a signed certificate in the SAML keystore to replace the self-signed cert that is generated for it?
If so, how?

Environment

Release : 9.2.0

Component : UIM - UMP LIFERAY

Resolution

You can use the same signed cert you use for the wasp probe in the SAML keystore. The steps are as follows:

1. Disable wasp probe.
2. Use the keytool utility to list the alias present in wasp.keystore and copy wasp.keystore to the /data folder where the self-signed keystore is located.
3. Back up the self-signed keystore and rename it.
4. Rename wasp.keystore as keystore.jks. SAML does not recognize the keystore unless it is named keystore.jks, even if you specify the file name 'wasp.keystore' in portal-ext.properties.
5. Change the saml.keystore.password in portal-ext.properties to the wasp.keystore password.
6. Change the saml.keystore.credential.password[alias] in portal-ext.properties to the wasp.keystore password. Also, change the value in brackets to the keystore alias used in wasp.keystore.
7. Change the saml.entity.id in portal-ext.properties to the alias used in wasp.keystore.
7. Change the saml.entity.id in portal-ext.properties to the alias used in wasp.keystore.
8. Restart wasp probe.
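
Before restarting wasp in step 8, the settings from steps 4 through 7 can be checked for consistency. The script below is an added example, not part of the original article: it assumes plain `key=value` lines in portal-ext.properties, takes the file paths as arguments, and uses a constructed alias (`uimcert`) and password in its demo.

```bash
#!/usr/bin/env bash
# Added example: verify steps 4-7 agree before restarting wasp.
# Assumes key=value lines with no spaces around "=".

# prop FILE KEY: print the value of KEY (last definition wins, CR stripped).
prop() {
  awk -v k="$2" '{ sub(/\r$/, "") }
    index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
    END { print v }' "$1"
}

# cred_alias FILE: print the alias inside saml.keystore.credential.password[...].
cred_alias() {
  sed -n 's/^saml\.keystore\.credential\.password\[\([^]]*\)]=.*/\1/p' "$1" | tail -n 1
}

# check_saml_props PROPS [KEYSTORE]: status 0 only if the settings agree.
# The body is a subshell, so its variables do not leak into the caller.
check_saml_props() (
  props=$1; ks=${2:-}; rc=0
  a=$(cred_alias "$props")
  store_pw=$(prop "$props" saml.keystore.password)
  cred_pw=$(prop "$props" "saml.keystore.credential.password[$a]")
  entity=$(prop "$props" saml.entity.id)
  [ -n "$a" ] || { echo "step 6: no credential password entry" >&2; rc=1; }
  [ -n "$store_pw" ] || { echo "step 5: saml.keystore.password not set" >&2; rc=1; }
  [ "$store_pw" = "$cred_pw" ] || { echo "steps 5/6: passwords differ" >&2; rc=1; }
  [ "$entity" = "$a" ] || { echo "step 7: saml.entity.id is not the alias" >&2; rc=1; }
  if [ -n "$ks" ]; then
    [ "$(basename "$ks")" = keystore.jks ] || { echo "step 4: wrong file name" >&2; rc=1; }
    # Alias lookup runs only if keytool and the file exist; the password goes
    # through the environment so it is not visible on the command line.
    if command -v keytool >/dev/null 2>&1 && [ -f "$ks" ]; then
      SAML_KS_PW=$store_pw keytool -list -keystore "$ks" -alias "$a" \
        -storepass:env SAML_KS_PW >/dev/null 2>&1 ||
        { echo "step 2: alias not found or password rejected" >&2; rc=1; }
    fi
  fi
  exit "$rc"
)

# Demo on a constructed file when called without arguments.
if [ "$#" -eq 0 ]; then
  demo=$(mktemp)
  printf '%s\n' 'saml.keystore.password=ExamplePw1' \
    'saml.keystore.credential.password[uimcert]=ExamplePw1' \
    'saml.entity.id=uimcert' > "$demo"
  check_saml_props "$demo" && echo "portal-ext.properties is consistent"
  rm -f "$demo"
fi
```

Because portal-ext.properties now holds the keystore password in clear text, restrict read access on that file and on keystore.jks to the account that runs wasp.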