Home Forums CA Single Sign-On What is the best procedure for renewal of certificate? Reply To: What is the best procedure for renewal of certificate?

#738

ujwols
Keymaster

1) Could you please let me know if there will be any drawback with the approach which we are using?

Updating any existing certs needs to deactivate the partnership/legacy federation first and there is also a chance that if anything goes wrong you may not have a backup to revert.

2) CA’s recommended approach(for our case) is to import new certificate with different alias and change the Alias (to new alias instead of empty/defaultenterpriseprivatekey) in all the SAML service providers. Please confirm if my understanding is correct.

Yes, even if this is a long process it is the safest procedure as it also provides a way to restore to old certificate/alias if something goes wrong.