x.509 certificate renewal

  • Question

  • Hello All,

    Our resource partner org's X.509 certificate is expiring in 30 days, and they are requesting the certificate from us (Account Partner).

    I want to know if this is the SSL certificate (token encrypting, token decrypting) which is in our environment.

    Please advise

    Thanks


    NA

    Wednesday, June 15, 2016 12:55 PM

Answers

  • Each relationship is 1 - 1.

    So partner A's certificate expiring does not affect partner B.

    But if the ADFS certificate expires then you have to send the new certificate to both A and B.

    • Marked as answer by Masthanomatic Monday, June 27, 2016 12:27 PM
    Sunday, June 19, 2016 6:59 PM

All replies

  • Somewhat confused?

    Is this for ADFS?

    Your partner's ADFS SSL or token signing certificate is expiring?

    In this case sending them anything from your side won't help and is irrelevant.

    They should send you their new token signing certificate.

    Wednesday, June 15, 2016 8:19 PM
  • Yes, this is for ADFS.

    Yes, their X.509 certificate is expiring.

    Today I spoke to them, and they sent a snapshot of the expiring certificate.

    It's the same as what we (account partner org) have in our token signing certificate (verified the version, thumbprint, etc.); all are the same except ours will expire after 2 months.

    So the application team (Resource Partner org) asked for this certificate.

    If I send them this certificate and they add it to their environment, will it work?

    Note: I believe we should send them the token signing certificate, as we are the account partner org.

    thanks


    NA

    Thursday, June 16, 2016 5:26 PM
  • So then it's YOUR ADFS Token Signing Certificate that's about to expire?

    To find out: Start the ADFS Management Console on your ADFS server, expand the Services node in the left pane then highlight the Certificates node in the left pane. This will show you all your ADFS Certificates in the middle pane along with their Expiration Date.

    Thursday, June 16, 2016 5:40 PM
  • Our ADFS certificate will expire after 2 months, and we have prepared a plan. As it is auto-renewal, once we get the new certificate generated, we will contact all the application team owners (Resource partner org) and issue them the new certificate.

    Now the problem is, the certificate is about to expire for one of the application companies (resource partner org) in 20 days. And it's the same as what we have in our token signing (under Services node > Certificates > Token signing).

    So they asked us to give this certificate to them, so that they can upload it from their side.

    Thanks


    NA

    Thursday, June 16, 2016 6:38 PM
  • As I said, if another party's certificate has expired, they have to give you the certificate so you can load it into ADFS, not the other way round.
    Thursday, June 16, 2016 6:48 PM
  • If I am not wrong, you are referring to the SSO or Relying Party trust certificate.

    And let me tell you that the relying party for these applications does not have any certificate in our ADFS.

    And their certificate is also mentioned as xx.signing certificate and is the same as ours, which is the token signing certificate.

    Please provide your valuable feedback.

    thanks



    NA

    Thursday, June 16, 2016 7:29 PM
  • Your ADFS has a token signing certificate.

    If your partner is another STS, they have a token signing certificate.

    If your partner is another application, they won't have a token signing certificate unless they are using SAML 2.0 as the protocol.

    Either way, the side that has an expiring certificate has to send a new certificate to the other side to keep everything in sync.

    Thursday, June 16, 2016 7:47 PM
  • Yes, they are using SAML 2.0 as the protocol.

    So they send us their certificate and we update it in our ADFS.

    Then what happens to the other partners of our ADFS? How should we manage this?

    thanks


    NA

    Friday, June 17, 2016 12:15 PM
  • Each relationship is 1 - 1.

    So partner A's certificate expiring does not affect partner B.

    But if the ADFS certificate expires then you have to send the new certificate to both A and B.

    • Marked as answer by Masthanomatic Monday, June 27, 2016 12:27 PM
    Sunday, June 19, 2016 6:59 PM
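
The check described in the thread (the Certificates node in the ADFS Management Console) and the "each relationship is 1 - 1" answer can be combined into one inventory that shows which party owns each certificate and when it expires. This is an added example, not part of the original thread; it assumes the ADFS PowerShell module on the AD FS server, and `$warnDays` and `$partnerThumbprint` are hypothetical values to replace.

```powershell
# Added example: list every certificate this AD FS farm holds, who owns it, and days to expiry.
# Assumption: run on the AD FS server with the ADFS module available.
Import-Module ADFS

$warnDays          = 30                                     # hypothetical warning threshold
$partnerThumbprint = '<THUMBPRINT FROM PARTNER SCREENSHOT>' # placeholder, fill in
$now               = Get-Date

function New-CertRow {
    param($Owner, $Role, $Cert)
    if ($null -eq $Cert) { return }          # trust has no certificate of this kind
    [pscustomobject]@{
        Owner      = $Owner
        Role       = $Role
        Thumbprint = $Cert.Thumbprint
        NotAfter   = $Cert.NotAfter
        DaysLeft   = [int]($Cert.NotAfter - $now).TotalDays
    }
}

$rows = @(
    # Certificates owned by this farm: when these roll over, every partner needs the new one.
    Get-AdfsCertificate | ForEach-Object {
        New-CertRow 'This AD FS farm' $_.CertificateType $_.Certificate
    }
    # Certificates supplied by each relying party: renewal is that partner's job, per trust.
    foreach ($rp in Get-AdfsRelyingPartyTrust) {
        foreach ($c in $rp.RequestSigningCertificate) {
            New-CertRow $rp.Name 'RP request signing' $c
        }
        New-CertRow $rp.Name 'RP token encryption' $rp.EncryptionCertificate
    }
    # Token signing certificates supplied by partner STSs (claims provider trusts).
    foreach ($cp in Get-AdfsClaimsProviderTrust) {
        foreach ($c in $cp.TokenSigningCertificates) {
            New-CertRow $cp.Name 'Partner STS token signing' $c
        }
    }
)

# Full inventory, soonest expiry first.
$rows | Sort-Object NotAfter | Format-Table Owner, Role, Thumbprint, NotAfter, DaysLeft -AutoSize

# Entries inside the warning window.
$rows | Where-Object { $_.DaysLeft -le $warnDays } | Format-Table Owner, Role, NotAfter -AutoSize

# Who owns the certificate the partner is asking about?
$rows | Where-Object { $_.Thumbprint -eq $partnerThumbprint } | Format-List Owner, Role, NotAfter
```

If the last lookup returns a row owned by "This AD FS farm", the certificate in question is your own token signing certificate as stored on the partner's side, not a certificate issued to the partner.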