Overview of updating authentication certificates

Ops Center Installation and Configuration Guide

Version
11.0.x
Audience
anonymous
Part Number
MK-99OPS001-23

For identity providers, certificates used by Common Services and AD FS are used during user authentication.

Common Services certificates are called authentication keys, and AD FS certificates are called Token certificates.

Each certificates has an expiration date and certificates are automatically updated according to a defined interval (in days).

However, when a certificate is automatically updated, a discrepancy arises between the new certificate and the certificate that was registered when the link with the identity provider was configured. For this reason, you will no longer be able to log in to Common Services by using the user account of the identity provider. To prevent this problem, you must check the date of the next update of the certificate and update the certificate before its expiration date.

If it is inconvenient to update the authentication key of Common Services immediately, you can temporarily suppress the update by increasing the number of days set as the update interval. Although you can also change the update interval of AD FS Token certificates, the change is not applied to the certificates currently used. The new update interval is applied to the certificates that will be updated next time.

Tip: If you manually update the Common Services certificate, we recommend that you specify the same update interval for the Common Services authentication key and for the AD FS Token certificates, because this enables you to update both on the same day. Update certificates during a time when no user is logged in (such as on a holiday or during the night).