Change SSO metadata certificate

 How to change the Ubisecure SSO metadata certificate?

Step-by-step guide

Unix.config/win32.config has suffix.pfx field that contains base64 encoded certificate.pfx which is crypted with master.secret key. 

If you have binary certificate.pfx (certificate and private key package) you must encode it to base64 format and make sure that the string doesn’t contain any line change characters.

1. Linux: base64 -w 0 certificate.pfx > certib64.pfx
2. Edit unix.config/win32.config to contain this new certificate.
3. Execute the following commands: (adjust accordign to linux paths)
   cd /d C:\Program Files\Ubisecure\ubilogin-sso\ubilogin 
   setup.cmd  
   cd ldap 
   adam\import.cmd secrets.ldif
4. If import secrets fails, it means that the certificate is too big for the ldapmodify application. Connect to the Ubilogin Directory with an LDAP client application, such as ADSI Edit and add certificate manually to CN=Server,OU=System,CN=Ubilogin,DC=host object, attribute ubiloginPKCS12 
5. cd /d C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\tomcat\update 
   update.cmd

Related articles

• Page:
  SAML Compatibility Flags
• Page:
  Install and start Ubisecure SSO Tomcat and Accounting Service as Windows Services gives error
• Page:
  Access to the requested resource is denied error
• Page:
  Authorization Policy Example : SHA256 hash from SSO session ID and user's email address
• Page:
  Change SSO metadata certificate