How to change an expired token signing cert for Safewhere Identify

Given that the signing certificate for Identify has expired. We want to update it to another new certificate.

We need to follow this:

A. Safewhere Identify v.5.1+:

From version 5.1+, we supported a new feature in the configurator to change the signing certificate easily. You can run the configurator and choose Reconfigure an instance option like the image below. After that process to the next steps to change the signing certificate.

B. Safewhere Identify < v.5.1:

  1. Open the certificate store:
    • Import the new certificate file: .pfx or .p12 to LocalMachine\My
    • Import the new certificate’s CA to LocalMachine\Trusted Root Certificate Authorities
    • Import the public key of the new certificate to LocalMachine\Trusted People
    • Grant the Read permission to the private key of the new certificate to the Identity of the application pool for Identify
  2. Change the signing for IdentifyConfiguration XML of the Identify:
    • Run SQL script to get the IdentifyConfiguration XML :
    • Change the signing certificate in that xml and run update sql like
  3. Change the encrypt certificate for WSFED protocol connection of the connection whose name is “https://#REPLACE_THIS_WITH_YOUR_TENANT_DOMAIn/admin/”:
    • Run SQL script to get the XML :
    • Change the signing certificate in that xml and run update sql like
  4. Access and open the web.config at C:\Program Files\Safewhere\Identify\Tenants\[yourtenant]\admin, replace the places which is using the original certificate’s thumbprint value by the new one’s thumbprint value
  5. Do the same like above with the web.config at C:\Program Files\Safewhere\Identify\Tenants\[yourtenant]\service
  6. Reset the IIS to get the new change to be applied.
  7. Remember to update/reload metadata in all other RP/IdP that is connected to this Identify instance.

* Note: if you are using Identify v4.2 then at step 3, you should use [ProtocolConnection] table instead of [Connection] table

Was this helpful ?Good Somewhat Bad