Signature certificate change for Affiliate Domain in Legacy Federation
On a running Policy Server, how can the certificate used by Legacy Federation be upgraded?

At the moment, Legacy Federation signs the assertion using defaultenterpriseprivatekey.

How can it be changed to use the new certificate myNewAlias?




Some documents explain how to set the certificate and key, and how to verify the certificate that will be set (1)(2).

These mainly relate to the Legacy Federation signature configuration section of the SiteMinder documentation (3).

To validate that the new certificate is in use after the changes, set the Policy Server Profiler with the components:

  JavaAPI, Fed_Server

As a transaction often includes multiple components, the best way to troubleshoot or validate that a configuration works as expected is to temporarily set the full Profiler configuration, so that nothing is missed.

Here's the template with full components and full data:


components: AgentFunc, Server, IsProtected, Login_Logout, IsAuthorized, Tunnel_Service, JavaAPI, Directory_Access, ODBC, LDAP, IdentityMinder, TXM, Fed_Server, Srca
data: Date, PreciseTime, Time, Pid, Tid, SrcFile, Function, TransactionID, AgentName, Resource, User, Group, Realm, Domain, Directory, Policy, AgentType, Rule, ErrorValue, ReturnValue, ErrorString, IPAddr, IPPort, Result, Returns, CallDetail, Data, Message, ObjectClass, DomainOID, SearchKey, ObjectOID, Property, AuthStatus, AuthReason, AuthScheme, CertSerial, SubjectDN, IssuerDN, SessionSpec, SessionID, CertDistPt, UserDN, Action, RealmOID, State, ClusterID, HandleCount, FreeHandleCount, BusyHandleCount, ResponseTime, Throughput, MaxThroughput, MinThroughput, Threshold, TransactionName, HexadecimalData, Query, ActiveExpr, RequestIPAddr, Expression, CacheHits, CacheSize, RefCount, ExecutionTime, Tenant
version: 1.1
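
A complementary check to the Profiler trace is to compare the certificate embedded in a captured signed message with the certificate exported for myNewAlias. The sketch below is an added example, not code from this article or from SiteMinder; it assumes the message carries its signing certificate in ds:KeyInfo/ds:X509Certificate, and the function names and sample data are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # for untrusted XML, parse with defusedxml instead

DS = "{http://www.w3.org/2000/09/xmldsig#}"  # XML Signature namespace

def pem_to_der(pem):
    """Drop the PEM armor lines and decode the base64 body to DER bytes."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    return base64.b64decode("".join(ln for ln in lines if ln and not ln.startswith("-----")))

def fingerprint(der):
    return hashlib.sha256(der).hexdigest()

def embedded_fingerprints(xml_text):
    """SHA-256 fingerprint of every ds:X509Certificate found in the message."""
    root = ET.fromstring(xml_text)
    return [fingerprint(base64.b64decode("".join((n.text or "").split())))
            for n in root.iter(DS + "X509Certificate")]

def carries_only(xml_text, expected_pem):
    """True only if at least one certificate is embedded and all of them match.
    This compares certificates; it does not verify the signature value itself."""
    found = set(embedded_fingerprints(xml_text))
    return found == {fingerprint(pem_to_der(expected_pem))}

# --- constructed sample data: placeholder bytes stand in for real DER certificates ---
OLD_DER = b"constructed-placeholder-old-certificate"
NEW_DER = b"constructed-placeholder-myNewAlias-certificate"

def to_pem(der):
    return ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(der).decode()
            + "\n-----END CERTIFICATE-----\n")

def sample_message(der):
    """Constructed, minimal signed-message skeleton (not real SiteMinder output)."""
    return ('<Response xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:Signature>'
            "<ds:KeyInfo><ds:X509Data><ds:X509Certificate>"
            + base64.b64encode(der).decode()
            + "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></Response>")

if __name__ == "__main__":
    expected = to_pem(NEW_DER)  # in practice: the exported certificate for myNewAlias
    for label, der in (("before change", OLD_DER), ("after change", NEW_DER)):
        ok = carries_only(sample_message(der), expected)
        print(label, "->", "new certificate in use" if ok else "NOT the new certificate")
```

A message with no embedded certificate returns False, so a missing KeyInfo is never mistaken for a successful change.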

