This website uses cookies. By browsing this website, you consent to the use of cookies. Learn more.
OK
mad_pablo
mad_pablo
Visitor.
‎2019-10-07 10:24
200 views

Renew an OSP certificate

Jump to solution

Hi all,

 

I have an IDM 4.6 installation where the certificates are about to expire. Renewing the eDirectory certificates is a clean job - I renew the certificates via iManager and update the keystore used by the Tomcat for Identity Applications.

What I worry about is the OSP certificate. I have found out, that osp.jks created by the installation hosts a single certificate including the private key that was created by my eDirectory serwer (Issuer points to eDir hostname).

My question is: How do I recreate this certificate and what components of a default installation should trust it?

Many thanks for any help

 

Pablo

 

 

 

Labels (1)
0 Likes
Reply
Report Inappropriate Content
1 Solution

Accepted Solutions
pdeneu
pdeneu Super Contributor.
Super Contributor.
‎2019-10-09 06:23

Re: Renew an OSP certificate

Jump to solution

Hello,

renewing the osp certificates isnt that big. 

You have to create a new keypair in the osp keystore. In the most of my env. i followed the tips from @geoffc in his blog-series Troubleshooting OSP and SSPR - Part 3 .

And i always create the keystore for osp with a validity of 20 years.

After creating a new osp keystore, you have to export the public key to the cacerts (or the other keystores) and restart tomcat. In Cluster env. you have to copy the keystore to all nodes which are working as osp authentication service.

Regards,

Philipp


--
https://www.lanworks.de

View solution in original post

Reply
Report Inappropriate Content
2 Replies
pdeneu
pdeneu Super Contributor.
Super Contributor.
‎2019-10-09 06:23

Re: Renew an OSP certificate

Jump to solution

Hello,

renewing the osp certificates isnt that big. 

You have to create a new keypair in the osp keystore. In the most of my env. i followed the tips from @geoffc in his blog-series Troubleshooting OSP and SSPR - Part 3 .

And i always create the keystore for osp with a validity of 20 years.

After creating a new osp keystore, you have to export the public key to the cacerts (or the other keystores) and restart tomcat. In Cluster env. you have to copy the keystore to all nodes which are working as osp authentication service.

Regards,

Philipp


--
https://www.lanworks.de

View solution in original post

Reply
Report Inappropriate Content
mad_pablo
mad_pablo
Visitor.
‎2019-10-11 08:37

Re: Renew an OSP certificate

Jump to solution

Thanks a lot.

I did as suggested and everything is OK.

 

Ragards,

Pablo

0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.