Respected Contributor.

Post SSL certificate upgrade - metadata still gives the old certificate

We are using the external CA signed certificate for signing and encryption. It's going to expire in some days. So I have created a new CSR and got it signed and added those in trusted roots and assigned it for the IDP and AG devices.

I have replaced the SSL certificate as well. Still my metadata is pointing to the older certificate only.

Any thoughts?

Respected Contributor.

Re: Post SSL certificate upgrade - metadata still gives the old certificate

In the NAM appliance, metadata certificates should get replaced when updating the SSL (HTTPS) certificate for the IDP cluster.

In application you have to add it to the IDP keystores for signing and encryption to get the metadata updated.

Try to replace the default signing and encryption certificates with your new certificate using the same alias.

In IDP --> General --> Security --> Keystores, pick the signing and encryption keystores.

/Lelle

Micro Focus Frequent Contributor

Re: Post SSL certificate upgrade - metadata still gives the old certificate

Hello,

The NAM appliance has a single keystore, unlike a NAM Service deployment. To change the certificate, you need to replace it from AG cluster -> Reverse proxy. Select the certificate and it will be applicable to the IDP as well.

In the NAM appliance, the IDP is behind the AG, so this single certificate will work. Hope this helps!

Community Manager

Re: Post SSL certificate upgrade - metadata still gives the old certificate

Hello! You got 2 responses which hopefully provide you with all information you need in order to resolve your issues.

If you got a solution, please accept the answers as the solution to your question. Your fellow community members will appreciate it when having similar issues! Thank you!

Visitor.

Re: Post SSL certificate upgrade - metadata still gives the old certificate

Have you restarted your IDP after certificate renewal? 

Respected Contributor.

Re: Post SSL certificate upgrade - metadata still gives the old certificate

Solution: Change the new certificate's alias to signing in the keystore.
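
To confirm which certificate the metadata actually publishes for each key use after a renewal, the check below parses SAML metadata and compares SHA-256 fingerprints against the new certificate. It is an added example, not part of the thread or of NAM; the sample metadata, entityID and certificate bytes are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed placeholders standing in for DER-encoded certificates.
OLD_DER = b"constructed-old-certificate-der"
NEW_DER = b"constructed-new-certificate-der"

def _key(use, der):
    b64 = base64.b64encode(der).decode()
    return (f'<md:KeyDescriptor use="{use}"><ds:KeyInfo><ds:X509Data>'
            f'<ds:X509Certificate>{b64}</ds:X509Certificate>'
            f'</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>')

# Constructed metadata: signing still carries the old certificate,
# encryption already carries the new one (the situation in this thread).
SAMPLE_METADATA = (
    f'<md:EntityDescriptor xmlns:md="{NS["md"]}" xmlns:ds="{NS["ds"]}" '
    f'entityID="https://idp.example.test/metadata"><md:IDPSSODescriptor '
    f'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    f'{_key("signing", OLD_DER)}{_key("encryption", NEW_DER)}'
    f'</md:IDPSSODescriptor></md:EntityDescriptor>')

def fingerprint(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest()

def metadata_fingerprints(metadata_xml: str) -> dict:
    """Map each KeyDescriptor use to the set of certificate fingerprints."""
    found = {}
    root = ET.fromstring(metadata_xml)
    for kd in root.iterfind(".//md:KeyDescriptor", NS):
        use = kd.get("use", "unspecified")  # no use= means both purposes
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            found.setdefault(use, set()).add(fingerprint(der))
    return found

def stale_uses(metadata_xml: str, expected_fp: str) -> list:
    """Key uses whose published certificate is not the expected new one."""
    want = expected_fp.replace(":", "").lower()  # accept AA:BB:... form too
    fps = metadata_fingerprints(metadata_xml)
    return sorted(use for use, got in fps.items() if got != {want})

if __name__ == "__main__":
    print("stale key uses:", stale_uses(SAMPLE_METADATA, fingerprint(NEW_DER)))
```
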
