AnsweredAssumed Answered

Federation SP Cert Renewal on IDP

Question asked by Ashok kumar Muthu Employee on Feb 28, 2016
Latest reply on Jan 13, 2017 by CBertagnolli

Hi,

 

SP cert which has been configured for verification and encryption on IDP partnership is going to expire soon.

 

I thought of just renaming the alias of new certificate to the old name would suffice this requirement, however I am running into issue with this approach. This is what I tried:

 

I am able to rename the cert alias using smkeytool utility  -  rename the old cert alias to some dummy name and give the old cert alias name to the new cert - This has updated the cert properly and I am able to see the same(old) cert alias in all the partnerships.

 

However I am still able to see in the SAML response that attribute encryption is signed with the old cert still. I did try restarting SPS and Policy server, but still no luck.

 

Any suggestions ?

 

Thanks

Ashok

Outcomes