mleung8

Absent Member.
2018-04-30
23:07
814 views
Missing OSP.JKS
The OSP.JKS wasn't created during the Identity Application 4.7 installation and config. Is there any TID or documentation showing how to recreate the missing certificate? Thanks.
Regards
Michael
4 Replies


Knowledge Partner
2018-05-01
12:53
On 4/30/2018 6:14 PM, mleung8 wrote:
>
> The OSP.JKS wasn't created during the Identity Application 4.7
> installation and config. Is there any TID or documentation showing
> how to recreate the missing certificate? Thanks.
You can make one with Keytool. It is in every JRE.
You need a private key for OSP to use, the public key of the Tomcat
cert, and the public key of the Tree CA in there. (NAM's side of the
SAML Metadata as well often helps).
This series I wrote may be helpful to you
https://www.netiq.com/communities/cool-solutions/configuring-idm-4-5s-osp-talk-shibboleth-idp
https://www.netiq.com/communities/cool-solutions/troubleshooting-osp-idm-4-5
https://www.netiq.com/communities/cool-solutions/troubleshooting-osp-idm-4-5-part-2
https://www.netiq.com/communities/cool-solutions/troubleshooting-osp-sspr-part-3


Knowledge Partner
2018-05-01
14:23
On 5/1/2018 7:53 AM, Geoffrey Carman wrote:
> On 4/30/2018 6:14 PM, mleung8 wrote:
>>
>> The OSP.JKS wasn't created during the Identity Application 4.7
>> installation and config. Is there any TID or documentation showing
>> how to recreate the missing certificate? Thanks.
>
> You can make one with Keytool. It is in every JRE.
>
> You need a private key for OSP to use, the public key of the Tomcat
> cert, and the public key of the Tree CA in there. (NAM's side of the
> SAML Metadata as well often helps).
>
> This series I wrote may be helpful to you
>
> https://www.netiq.com/communities/cool-solutions/configuring-idm-4-5s-osp-talk-shibboleth-idp
>
> https://www.netiq.com/communities/cool-solutions/troubleshooting-osp-idm-4-5
>
> https://www.netiq.com/communities/cool-solutions/troubleshooting-osp-idm-4-5-part-2
>
> https://www.netiq.com/communities/cool-solutions/troubleshooting-osp-sspr-part-3
Really what OSP needs is a private key, to use in its metadata for SAML.
And to trust the public key of the other SAML partner (NAM) and of the
Identity Apps web server (Tomcat).
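
The keystore contents described in the two replies above, as an added example that is not part of the thread or the linked articles: one function builds an osp.jks with keytool, the other checks a `keytool -list` listing for the expected entries. The aliases, DN, file names and the `OSP_KS_PASS` variable are assumptions; a NAM certificate can be imported and checked the same way under its own alias.

```shell
#!/bin/sh
# Added example, not from the thread. Aliases, DN, validity, file names and
# the OSP_KS_PASS variable are assumptions; match them to your OSP config.

# Build the keystore: a signing key pair for OSP plus the certs it must trust.
# Inspect each cert first (keytool -printcert -file <cert>), because
# -noprompt skips keytool's interactive fingerprint confirmation.
build_osp_keystore() {
    ks=$1 tomcat_cert=$2 tree_ca_cert=$3
    # Passwords come from the exported OSP_KS_PASS so they stay out of `ps`.
    keytool -genkeypair -alias osp -keyalg RSA -keysize 2048 -validity 730 \
        -dname "CN=osp.example.com" -storetype JKS -keystore "$ks" \
        -storepass:env OSP_KS_PASS -keypass:env OSP_KS_PASS || return 1
    keytool -importcert -noprompt -alias tomcat -file "$tomcat_cert" \
        -keystore "$ks" -storepass:env OSP_KS_PASS || return 1
    keytool -importcert -noprompt -alias treeca -file "$tree_ca_cert" \
        -keystore "$ks" -storepass:env OSP_KS_PASS || return 1
    chmod 600 "$ks"    # the file now holds a private key
}

# Read `keytool -list` output on stdin. Succeeds only when it shows exactly
# one PrivateKeyEntry and a trustedCertEntry for every alias passed as argument.
check_osp_entries() {
    listing=$(cat)
    keys=$(printf '%s\n' "$listing" | grep -c 'PrivateKeyEntry' || true)
    [ "$keys" -eq 1 ] || { echo "want 1 PrivateKeyEntry, got $keys" >&2; return 1; }
    for a in "$@"; do
        printf '%s\n' "$listing" | grep -q "^$a,.*trustedCertEntry" ||
            { echo "missing trusted cert: $a" >&2; return 1; }
    done
}

# Constructed sample of `keytool -list` output (fingerprints are placeholders).
SAMPLE_LISTING='Keystore type: JKS
Your keystore contains 3 entries

osp, May 1, 2018, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <placeholder>
tomcat, May 1, 2018, trustedCertEntry,
Certificate fingerprint (SHA-256): <placeholder>
treeca, May 1, 2018, trustedCertEntry,
Certificate fingerprint (SHA-256): <placeholder>'

# Typical use:
#   export OSP_KS_PASS=...; build_osp_keystore osp.jks tomcat.cer treeca.cer
#   keytool -list -keystore osp.jks -storepass:env OSP_KS_PASS |
#       check_osp_entries tomcat treeca
```
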
mleung8

Absent Member.
2018-05-03
15:46
Thanks Geoffc,
I followed your series to create the missing osp.jks certificate. User Application 4.7 is working well now. Thanks again.
Michael


Knowledge Partner
2018-05-03
16:18
On 5/3/2018 10:54 AM, mleung8 wrote:
>
> Thanks Geoffc,
>
> I followed your series to create the missing osp.jks certificate. User
> Application 4.7 is working well now. Thanks again.
Glad to help, send fish!