/
Change SSO metadata certificate
Change SSO metadata certificate
- Former user (Deleted)
- Former user (Deleted)
- Former user (Deleted)
Owned by Former user (Deleted)
Last updated: 2022-02-21 by Former user (Deleted)
How to change the Ubisecure SSO metadata certificate?
Step-by-step guide
Unix.config/win32.config has suffix.pfx field that contains base64 encoded certificate.pfx which is crypted with master.secret key.
If you have binary certificate.pfx (certificate and private key package) you must encode it to base64 format and make sure that the string doesn’t contain any line change characters.
- Linux: base64 -w 0 certificate.pfx > certib64.pfx
- Edit unix.config/win32.config to contain this new certificate.
- Execute the following commands: (adjust accordign to linux paths)
cd /d C:\Program Files\Ubisecure\ubilogin-sso\ubilogin
setup.cmd
cd ldap
adam\import.cmd secrets.ldif - If import secrets fails, it means that the certificate is too big for the ldapmodify application. Connect to the Ubilogin Directory with an LDAP client application, such as ADSI Edit and add certificate manually to CN=Server,OU=System,CN=Ubilogin,DC=host object, attribute ubiloginPKCS12
- cd /d C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\tomcat\update
update.cmd
For SSO 8.9.x and later
Please use the following documentation to update the SSO metadata certificate instead of above mentioned steps: Key rotation - SSO#SSO-Usingasignedcertificate
Related articles
, multiple selections available,
Related content
Change SSO metadata certificate for SSO 8.9.x onwards
Change SSO metadata certificate for SSO 8.9.x onwards
Read with this
Update the SSO signing and encryption key
Update the SSO signing and encryption key
Read with this
Change hostname of Ubisecure SSO
Change hostname of Ubisecure SSO
Read with this
Upgrade on Windows - SSO
Upgrade on Windows - SSO
More like this
Upgrade on Linux - SSO
Upgrade on Linux - SSO
More like this
Management API - SSO
Management API - SSO
Read with this