|
Results |
|
VM: How to import an updated SSO STS Trust Certificate / How to solve "Invalid SSO token" errors
VM: How to import an updated SSO STS Trust Certificate / How to solve "Invalid SSO token" errors
|
|
|
How to create and update the SSO STS certificate in Dimensions CM
Serena recommends that you generate new key pairs to secure your SBM installation. If you do not generate new key pairs, then the default certificates that the STS inherently trusts are used. These same certificates are available from any SBM installation and can be easily spoofed!
|
|
|
See repeated errors in sso-idp.log about the following "Trusted certificate expired and will be discarded: CN=Serena Version Manager Server..."
RPConfig.isTrustedEndorser(594): Trusted certificate expired and will be discarded: CN=Serena Version Manager Server, O="Serena Software, Inc.", L=Redwood City, ST =California, C=US If you do use the Integration with SBM and Version Manager see this kb doc for more information S141200 If you don't use the integration between SBM and Version Manager and you want to get rid of this error do the following.
|
|
|
SBM 10.1.1.4+ and SBM 11.x: How to generate new signed certificate trust keys for SBM and copy them to additional servers as needed (Generating SSO certificates)
The 'Serena SSO IdP' certificate that is used by SSO STS expires in 2 month(s). You must update this certificate before it expires.
|
|
|
10.1-10.1.1.3 (Earlier versions affected if SSO On) - SBM Sample Certificates for STS, Federation Server and SSO Gatekeeper expire on 13th June 2015 or 16th September 2017 - Error message: Failed to verify signature
3. On the "SSO Trust Keys” Tab there are 3 Trust Keys - STS , Federation Server and SSO Gatekeeper. The validity on each will indicate their expiry date.
|
|
|
SBM 2009 R4 (and prior): How to generate new signed certificate trust keys for SBM and copy them to additional servers as needed (Renew SSO certificates)
"C:\Program Files\Serena\SBM\Common\jdk1.5\bin\keytool.exe" -list -v -alias sts -keystore "C:\Program Files\Serena\SBM\Common\jboss405\server\default\deploy\TokenService.war\WEB-INF\conf\keystore.jks" -storepass changeit
|
|
|
Version Manager SSO: Default Certificates for STS, GATEKEEPER and VMSERVER expire starting June 13th 2015
:PortNum /idp/services/ Trust ": Authentication failed SSO/CAC Login Error: Connection exception using SSLCLIENTAUTHURL "http://ServerName
|
|
|
SBM 10.1 - 10.1.1.3: How to generate new signed certificate trust keys for SBM and copy them to additional servers as needed (Generating SSO certificates)
To secure your installation, you must generate new key new key pairs. If you do not generate new key pairs, then the default certificates that the STS inherently trusts are used. To increase security you should generate a new unique certificate for each SSO component.
|
|
|
Dim2009R2: SSO CAC: TrustedCertificatesMatcher.matches(195): Certificate validation failed: Path does not chain with any of the trust anchors
keystore configuration.xml sso- sts .log
|
|
|
How to get a copy of the certificate chain and copy it to the certificate trust store ("PKIX path building failed" or similar SSL connection errors.)
How to get a copy of the certificate chain and copy it to the certificate trust store ("PKIX path building failed" or similar SSL connection errors.)
|
|
|