Difference between revisions of "Single Sign On Service Certificate Renewal"

From Studentnet Wiki
Jump to navigation Jump to search
Line 21: Line 21:
 
===Notes===
 
===Notes===
 
*The same certificate can be used for signing and encryption.
 
*The same certificate can be used for signing and encryption.
*Some Service only have 1 certificate, in this case ignore steps 11-15.
+
*Some services only have 1 certificate, in this case, ignore steps 11-15.
  
 
==Removing Certificate==
 
==Removing Certificate==

Revision as of 23:06, 4 August 2021

Single Sign On Service Certificate Renewal

  1. Login to Cloudwork Dashboard
  2. Navigate to Single Sign On
  3. On the service list, click on the SSO Service which requires the certificate renewal
  4. Scroll down to SAML Config and Click Edit
  5. Scroll down to Certificates and Click Add Row
  6. Open up the XML file received from the SSO Service which requires the certificate renewal
    Example XML File, will be used as reference for instructions
  7. In the XML file, check the Certificate 1 Usage(found in the first KeyDescriptor Tag)
  8. In the Cloudwork Dashboard in the new row select with the checkbox whether Certificate 1 will be used for Signing or Encryption
  9. In XML file, Copy the Certificate 1 Content that is located in between the X509Certificate Tags(The beginning of the certificate is MIIDSTCCA and the end of the certificate is mAKo=)
  10. In the Cloudwork Dashboard in the row which has the checkbox selected, under Content paste the Certificate 1 Content
  11. In the Cloudwork Dashboard Click Add Row
  12. In the XML file, check the Certificate 2 Usage(found in the second KeyDescriptor Tag)
  13. In the Cloudwork Dashboard in the new row select with the checkbox whether Certificate 2 will be used for Signing or Encryption
  14. In XML file, Copy the Certificate 2 Content that is located in between the X509Certificate Tags(The beginning of the certificate is MIIDSTCCA and the end of the certificate is 3wyacFw==)
  15. In the Cloudwork Dashboard in the row which has the checkbox selected, under Content paste the Certificate 2 Content
  16. Take note which certificates are the new certificate, when the expiry date of the old certificate occurs, the old certificates will need to be removed(older certificates are at the top of Certificates Table)
  17. Click Submit

Notes

  • The same certificate can be used for signing and encryption.
  • Some services only have 1 certificate, in this case, ignore steps 11-15.

Removing Certificate

When the SAML SSO Certificate expiry date occurs, it will be necessary to remove the expired certificate, the steps for removing the expired certificates:

  1. Login to Cloudwork Dashboard
  2. Navigate to Single Sign On
  3. On the service list, click on the SSO Service which had the certificate renewal
  4. Scroll down to SAML Config and Click Edit
  5. Remove each of the expired Certificates by pressing the remove row button
    Example Certificates Table in Cloudwork: Expired Certificates are the first and second row
  6. Click submit