cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1497
Views
0
Helpful
3
Replies

Renew SSO certificate on Webex administrator page with Azure idP

zeevi
Level 1
Level 1

Hello community,

We got a generic mail from Cisco saying our current SSO certificate is about to be expired next month.

on our Webex SSO settings we see the new certificate with 1 year expiration date ready to be activated:

zeevi_2-1666525370323.png

according to the mail, we should download the new certificate and upload to our idP (Azure in our case) before activating the new Certificate but it seems that we already have a valid certificate in Azure expiring 3 years from now:

zeevi_3-1666525510608.png

this is also matching the "site certificate manager" on Webex SSO config page:

zeevi_4-1666525632334.png

 

does anyone know the process of uploading Webex new certificate to Azure? is it even necessary or we just need to activate the new certificate on the webex administrator SSO Configuration settings?

I already have a ticket open with Webex support (694462722) but unfortunately they do not know the process that needs to be done in Azure.

 

3 Replies 3

zeevi
Level 1
Level 1

Thanks but we haven't implemented control hub yet.

we only have WEBEX sites at the moment.

There are as you might know two parts of the chain of trust in an IdP. One is the system side and the other is the IdP, both uses certificates. As I read your second screenshot it is the certificates that the IdP uses to identify itself with the system side, ie what it uses to sign the token passed to the system side. The system side is also know as SP if I'm not all wrong.

What you'd need to update is the certificate that is used to identify the SP side with your IdP. That is done by the certificate that the SP uses and can be found in the metadata export that you do on the SP side, ie in Site Admin. On the IdP you'd put that certificate on the trust that is created for Webex (Site Admin).



Response Signature


In your IdP you should likely have two different trusts as you still use Site Admin for management of your Webex site(s). One for Site Admin and another for Control Hub. The one that you’ll need to renew the certificate for is the one for Control Hub.



Response Signature