Common Services certificates are automatically updated to prevent revocation due to
expiration. When a certificate is automatically updated, you need to update the Common Services certificate registered
on the AD FS server. There are two ways to update certificates: automatically or
manually.
Automatically updating the Common Services certificates
To automatically update Common Services certificates, perform the
following procedure. Use the Relying Party Trust Monitoring function of AD FS to ensure
that Common Services
metadata is updated automatically.
Note: After the certificate is automatically updated in Common Services, it might take up to 24 hours
until the certificate is updated by the AD FS Monitoring function. Until it is updated,
you will not be able to log in to the Hitachi Ops Center Portal as an identity provider user.
Verify that the following settings are configured:
- If the Windows Server version is 2019 or earlier, verify that Common Services certificates are signed with ECDSA.
- Verify that TLS 1.2 or higher is enabled in the .NET Framework settings of the AD FS server.
- Log in to the Hitachi Ops Center Portal as the sysadmin user or as a user who is a member of the opscenter-administrators group.
- From the navigation bar, click Manage users.
- In Asset type in the Users window, click Identity providers. In the target identity provider details window, check the value of SAML SP metadata URI.
- Log in to the AD FS server.
- Select .
- From the tree on the left side, select Properties. . In the middle pane, select the target Relying Party Trust, and then in the right pane, click
- In the properties window, select the Monitoring tab, and enter the value of SAML SP metadata URI that you checked in the identity provider details window of the Hitachi Ops Center Portal in Relying party's federation metadata URL.
- Click Test URL to confirm. If an error occurs, review the SSL/TLS settings of Windows.
- Select the check box for Monitoring relying party.
- Select the check box for Automatically update relying party.
- Click Apply.
Manually updating the Common Services certificates
To manually update Common Services certificates, perform the following procedure. If
the date of the next update of the authentication key of Common Services is approaching,
update the authentication key and the metadata. You can also change the update interval
of the authentication key without actually updating the key.