While working on renewing Advanced Authentication ( AA) certificates, As we change rootca and certificate chain this time, which one should be used for two places described below:

1. UDS connection

Services and Server Configurations >Administration Console > UDS Connectivity Configuration

2. Risk Authentication Administration Connectivity

Click the Services and Server Configurations -> Risk Authentication -> System Configuration à Risk Authentication Connectivity -à Risk Authentication Administration Connectivity (7777)

Server CA Root Certificate :

Could you take a look and guide which one should be use here: rootca or certificate chain?

Release : 9.1

Component : Strong Authentication & Risk Authentication

For Risk Authentication and Strong Authentication components the Certificate is maintained in the below table.

ARADMINMAP

For UDS SSL connection, the certificate is maintained in the table.

ARADMINCONFIG

You can extract the certificate from these tables by using SQL queries or tools like SQL developer, the data is maintained in a BLOB value. The extracted value is base64 encoded so to get the actual certificate we have to decode that.

Below command can be used to see the contents of the certificate.

openssl x509 -in aaa_cert.pem -noout -text

Where aaa_cert.pem is the certificate obtained after base64 decoding the BLOB value.