This document was generated from CDN thread
Created by: Rahul Patel on 05-03-2013 11:04:46 PM
Hello,
The token Signing Cert and the decrypting on my ADFS server are going to expire. The token signing cert is the one that was imported into WebEx for SSO to work. Does anyone know how to regenerate this token signing Cert?
Thank you,
Rahul Patel
Subject: RE: ADFS Expiring Cert
Replied by: Nathan Morrow on 06-03-2013 12:55:51 PM
There are many methods available for generating a certificate that would work. WebEx SSO supports self-signed certificates as well as signed. Your best bet would be to generate a new certificate in the same way that you did originally. You will need to update your WebEx SSO configuration and your IdMS configuration with the new certificate once it is generated.
Subject: RE: ADFS Expiring Cert
Replied by: Rahul Patel on 06-03-2013 01:17:15 PM
Hello Nathan,
So, I created a self-signed cert on the ADFS server. Added it as a Token-Signing cert in the ADFS Management. Marked it primary and then exported it. Removed the cert from WebEx and installed the new one. This did not work for me. Therefore, I reverted back.
Do I need to export the SAML metadata file and re-create relying party and the Claims Rules on the ADFS?
Thank you,
Rahul Patel
Subject: RE: ADFS Expiring Cert
Replied by: Nathan Morrow on 06-03-2013 01:32:53 PM
A cert swap on both ends should be all that is necessary. Do you have any details on error messages received after the update? You may be better served contacting technical support with any available details, as SAML SSO is part of the base meeting service product and telephone based support is immediate. You could also follow the configuration guide and reconfigure from scratch in case some setting is misconfigured; of course, back up your current configuration. If additional configuration assistance is still required, your account manager can schedule a meeting with the advanced services group to get everything set up.
Subject: RE: ADFS Expiring Cert
Replied by: Rahul Patel on 07-03-2013 08:14:23 AM
Hello Nathan,
I was able to get this to work. The AD FS service account needs to be able to manage the private key of the certificate. This can be accomplished through the MMC --> Certificates --> Computer snap-in. Right-click over the new certificate --> All Tasks --> Manage Private Keys and add the service account; I assigned Full Permissions. I then exported the cert and imported it into WebEx. Thanks for your help.
Rahul
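The private-key permission described in the last post can also be checked from PowerShell. The script below is an added example, not part of the original thread: it lists who holds access to the private key of a certificate in the local machine store and reports whether a given account has read access. The thumbprint and account name are placeholders, and the script assumes the key is an RSA key stored by a legacy CSP (it stops with a message for any other key type).

```powershell
# Added example (not from the thread): report who can access the private key
# of a certificate in LocalMachine\My and whether a given account can read it.
param(
    [string]$Thumbprint     = '<TOKEN-SIGNING-CERT-THUMBPRINT>',   # placeholder
    [string]$ServiceAccount = '<DOMAIN\adfs-service-account>'      # placeholder
)

$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) {
    throw "Certificate $Thumbprint has no private key in this store."
}

# CSP-stored keys expose their container file name; other key types do not.
$keyName = $null
try { $keyName = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName } catch { }
if (-not $keyName) {
    throw "Not a CSP-stored RSA key; check it with Manage Private Keys in the MMC instead."
}

# Machine-level CSP keys live as files here; their NTFS ACL is what
# "Manage Private Keys" edits.
$keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$keyName"
$acl     = Get-Acl -Path $keyFile -ErrorAction Stop

# Show every identity that has an entry on the key file.
$acl.Access |
    Select-Object IdentityReference, AccessControlType, FileSystemRights |
    Format-Table -AutoSize

# Look for an explicit Allow entry for the account that includes Read.
# Access granted only through group membership is not resolved here.
$read  = [System.Security.AccessControl.FileSystemRights]::Read
$match = $acl.Access | Where-Object {
    $_.IdentityReference.Value -ieq $ServiceAccount -and
    $_.AccessControlType -eq 'Allow' -and
    (($_.FileSystemRights -band $read) -eq $read)
}

if ($match) {
    "OK: $ServiceAccount can read the private key ($($match[0].FileSystemRights))."
} else {
    Write-Warning "$ServiceAccount has no explicit Allow/Read entry on the private key."
}
```

Run it from an elevated prompt on the AD FS server; the table also makes it easy to spot unexpected identities with access to the signing key.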