
Hi all,
I have an IDM 4.6 installation where the certificates are about to expire. Renewing the eDirectory certificates is a clean job - I renew the certificates via iManager and update the keystore used by the Tomcat for Identity Applications.
What I worry about is the OSP certificate. I have found out that the osp.jks created by the installation hosts a single certificate, including the private key, that was created by my eDirectory server (Issuer points to eDir hostname).
My question is: How do I recreate this certificate and what components of a default installation should trust it?
Many thanks for any help
Pablo
Accepted Solutions

Hello,
Renewing the OSP certificates isn't that big.
You have to create a new keypair in the OSP keystore. In most of my environments I followed the tips from @geoffc in his blog series Troubleshooting OSP and SSPR - Part 3.
And I always create the keystore for OSP with a validity of 20 years.
After creating a new OSP keystore, you have to export the public key to the cacerts (or the other keystores) and restart Tomcat. In cluster environments you have to copy the keystore to all nodes which are working as OSP authentication service.
Regards,
Philipp
--
https://www.lanworks.de
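
The steps in the answer above (new key pair, export the public certificate, import it into the trust store), sketched with keytool as an added example that is not part of the original post or of the referenced blog. It assumes a self-signed key pair; every path, alias and DN is a caller-supplied placeholder, and the passwords are read from the exported environment variables KS_PASS and TS_PASS (names chosen here) so they stay off the command line.

```shell
#!/usr/bin/env bash
# Added example: rotate a key pair in a Java keystore and re-publish its
# certificate to a trust store. Paths, aliases and DNs are placeholders.
# KS_PASS / TS_PASS must be exported; keytool reads them via the ":env" modifier.

# new_keypair KEYSTORE ALIAS DN DAYS
# Moves the old keystore aside (rollback copy) and creates a fresh one.
new_keypair() {
  local ks=$1 alias=$2 dn=$3 days=$4
  if [ -f "$ks" ]; then mv "$ks" "$ks.bak" || return 1; fi
  keytool -genkeypair -alias "$alias" -keyalg RSA -keysize 2048 \
    -dname "$dn" -validity "$days" -keystore "$ks" \
    -storepass:env KS_PASS -keypass:env KS_PASS
}

# publish_cert KEYSTORE ALIAS TRUSTSTORE
# Exports the public certificate only (never the private key) and replaces
# any older entry stored under the same alias in the trust store.
publish_cert() {
  local ks=$1 alias=$2 ts=$3 pem rc
  pem=$(mktemp) || return 1
  keytool -exportcert -rfc -alias "$alias" -keystore "$ks" \
    -storepass:env KS_PASS -file "$pem" || { rm -f "$pem"; return 1; }
  # A missing alias or trust store is not an error at this point.
  keytool -delete -alias "$alias" -keystore "$ts" \
    -storepass:env TS_PASS >/dev/null 2>&1 || true
  keytool -importcert -noprompt -alias "$alias" -file "$pem" \
    -keystore "$ts" -storepass:env TS_PASS
  rc=$?
  rm -f "$pem"
  return $rc
}

# trust_matches KEYSTORE ALIAS TRUSTSTORE
# Succeeds only if the trust store holds exactly the certificate the keystore
# now presents; a stale entry left over from the old key pair fails the check.
trust_matches() {
  local ks=$1 alias=$2 ts=$3 a b
  a=$(keytool -exportcert -rfc -alias "$alias" -keystore "$ks" \
        -storepass:env KS_PASS) || return 1
  b=$(keytool -exportcert -rfc -alias "$alias" -keystore "$ts" \
        -storepass:env TS_PASS) || return 1
  [ "$a" = "$b" ]
}
```

Running trust_matches against each trust store before restarting Tomcat, and again on every cluster node after copying the keystore, catches a trust store that still carries the old certificate.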


Thanks a lot.
I did as suggested and everything is OK.
Regards,
Pablo