Home Forums CA Single Sign-On What is the best procedure for renewal of certificate? Reply To: What is the best procedure for renewal of certificate?

#646

Dhilip
Participant

Hi Ujwol,

Unfortunately, we are not using Parterhsip Federation, we are using Legacy federation in my enterprise.

During the last certificate renewal activity, they have followed the below procedure.
1. Pre-installed the certificate in the CDS under a different alias(Alias3).
2. Rename old certificate(Alias1) to different alias(Alias2).
3. Rename the new certificate(Alias3) with actual certificate alias name(Alias1).

For the time being, we were not facing any issues with this approach. (Note: We are using these certs only for signing)

Now, I am doing a feasibility check to use partnership federation in future. While exporting the sample entity, I could see that it has CA.FED::Certificate.Alias=Alias1 and CA.CDS::Certificate.Alias=Alias2. So, I am trying to find a proper way to renew the certificate. I guess using ‘Update Certificate’ from the WAMUI is the best option (to avoid these problems).

But, my doubt is in case if I need to rollback (because of some issues), Will I be able to use the same procedure(to update with old certificate) or will it perform any validation, thus will not allow to update (with old cert because of date validation)?