mad_pablo
New Member.

Renew an OSP certificate

Hi all,

 

I have an IDM 4.6 installation where the certificates are about to expire. Renewing the eDirectory certificates is a clean job - I renew the certificates via iManager and update the keystore used by the Tomcat for Identity Applications.

What I worry about is the OSP certificate. I have found out that osp.jks, created by the installation, hosts a single certificate including the private key that was created by my eDirectory server (Issuer points to eDir hostname).

My question is: How do I recreate this certificate and what components of a default installation should trust it?

Many thanks for any help

 

Pablo

 

 

 


Accepted Solutions
pdeneu
Super Contributor.

Re: Renew an OSP certificate

Hello,

Renewing the OSP certificates isn't that big.

You have to create a new keypair in the OSP keystore. In most of my environments I followed the tips from @geoffc in his blog series Troubleshooting OSP and SSPR - Part 3.

And I always create the keystore for OSP with a validity of 20 years.

After creating a new OSP keystore, you have to export the public key to the cacerts (or the other keystores) and restart Tomcat. In cluster environments you have to copy the keystore to all nodes which are working as OSP authentication service.

Regards,

Philipp


--
https://www.lanworks.de
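
The steps from the accepted answer, as an added `keytool` example that is not part of the original posts or of the product's own tooling. The keystore and truststore paths, the alias, the subject name, the `OSP_PASS`/`TRUST_PASS` variables and the function names are all placeholders or hypothetical; take the real values from your own OSP configuration.

```shell
#!/bin/sh
# Added example: renew the OSP key pair and re-trust its certificate with keytool.
# Paths, alias, subject and passwords are placeholders (assumptions), not values
# from the thread; function names are hypothetical.

# renew_osp_keypair KEYSTORE STOREPASS ALIAS DNAME DAYS
# Moves an existing keystore aside (rollback copy), then creates a new one
# holding a single self-signed RSA key pair.
renew_osp_keypair() {
    if [ -f "$1" ]; then mv "$1" "$1.bak.$(date +%Y%m%d%H%M%S)"; fi
    keytool -genkeypair -alias "$3" -keyalg RSA -keysize 2048 -validity "$5" \
        -dname "$4" -storetype JKS -keystore "$1" -storepass "$2" -keypass "$2"
}

# export_osp_cert KEYSTORE STOREPASS ALIAS OUTFILE
# Writes only the public certificate (PEM); the private key never leaves the keystore.
export_osp_cert() {
    keytool -exportcert -rfc -alias "$3" -keystore "$1" -storepass "$2" -file "$4"
}

# trust_osp_cert TRUSTSTORE STOREPASS ALIAS CERTFILE
# Drops any entry already stored under ALIAS so the expiring certificate does
# not stay trusted, then imports the new one.
trust_osp_cert() {
    keytool -delete -alias "$3" -keystore "$1" -storepass "$2" >/dev/null 2>&1 || true
    keytool -importcert -noprompt -alias "$3" -file "$4" -keystore "$1" -storepass "$2"
}

# cert_fingerprint KEYSTORE STOREPASS ALIAS
# Prints the SHA-256 fingerprint line of the entry, whitespace removed.
cert_fingerprint() {
    keytool -list -v -alias "$3" -keystore "$1" -storepass "$2" |
        grep 'SHA256:' | head -n 1 | tr -d ' \t'
}

# Runs only when called as: OSP_PASS=... TRUST_PASS=... sh renew-osp.sh run
if [ "${1:-}" = "run" ]; then
    OSP_KS=/path/to/osp.jks        # placeholder: keystore OSP is configured to use
    TRUST_KS=/path/to/cacerts      # placeholder: truststore of the Tomcat JRE
    ALIAS=osp-example              # placeholder: use the alias OSP is configured with
    renew_osp_keypair "$OSP_KS" "$OSP_PASS" "$ALIAS" "CN=osp.example.com" 7300  # ~20 years, as in the reply
    export_osp_cert "$OSP_KS" "$OSP_PASS" "$ALIAS" /tmp/osp-new.pem
    trust_osp_cert "$TRUST_KS" "$TRUST_PASS" "$ALIAS" /tmp/osp-new.pem
    # Same fingerprint in both stores means the truststore holds the new certificate.
    [ "$(cert_fingerprint "$OSP_KS" "$OSP_PASS" "$ALIAS")" = \
      "$(cert_fingerprint "$TRUST_KS" "$TRUST_PASS" "$ALIAS")" ] || exit 1
    echo "Fingerprints match: copy $OSP_KS to every OSP node, then restart Tomcat."
fi
```

Running `cert_fingerprint` against the copied keystore on each cluster node confirms that every node carries the same key pair.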
2 Replies
mad_pablo
New Member.

Re: Renew an OSP certificate


Thanks a lot.

I did as suggested and everything is OK.

 

Regards,

Pablo
