Description:
How do I change the Signing Certificate or the Signing Certificate Algorithm?
Cause:
Sometimes a specific Algorithm is required on a CloudEntity Signing Certificate. In CloudEntity you can choose between RSA and ECDSA.
How to change the Algorithm, or create a Certificate with a different Algorithm, may not be immediately obvious.
Resolution:
Log into CloudEntity and browse to the section below in the correct Workspace:
OAUTH - Tokens - Signing and Encryption
Once there, scroll down to 'Signing key rotation settings'.
Click on 'Rotate Key' and you will be able to choose the Algorithm of the next Signing key to be placed into the queue.
*** Going further than this point will actually Rotate your current Signing Key out of the queue, meaning you will need to update the Public keys on any Service Providers using this key ***
Select the required Algorithm and click 'Rotate'.
This will change the current Signing Certificate to the next one in the queue and create a new Signing Certificate with the signing Algorithm you selected, placing it next in the queue.
Notice that the 'Next key in queue' (check the Key ID values in the above and below screenshots) has now become the 'Current key in use', and the newly created key, with the ECDSA Algorithm, has become the 'Next key in queue'.
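The warning above means a Service Provider that holds only the old public key cannot verify tokens issued after the rotation. The following is an added example, not CloudEntity or SecureAuth code: it assumes the Service Provider stores the public keys as a JWK Set (RFC 7517), and the key IDs, key sets and token headers are constructed sample data.

```python
import base64
import json

# JWS signature algorithm prefixes mapped to the JWK key type they require (RFC 7518).
ALG_TO_KTY = {"RS": "RSA", "PS": "RSA", "ES": "EC"}


def b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_token_against_jwks(token: str, jwks: dict) -> str:
    """Say whether the stored key set holds a suitable key for this token's kid and alg."""
    # The header is read unverified, only to select a key; no claim is trusted here.
    header = json.loads(b64url_decode(token.split(".")[0]))
    kid, alg = header.get("kid"), header.get("alg", "")
    expected_kty = ALG_TO_KTY.get(alg[:2])
    if expected_kty is None:
        return "unsupported-alg"       # e.g. "none" or an HMAC alg
    key = next((k for k in jwks.get("keys", []) if k.get("kid") == kid), None)
    if key is None:
        return "stale-key-set"         # rotation happened, public keys not yet updated
    if key.get("kty") != expected_kty:
        return "alg-key-mismatch"      # header alg disagrees with the stored key type
    return "ok"


def make_token(header: dict) -> str:
    """Build a constructed, unsigned token shell (header.payload.signature) for the demo."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc({'sub': 'demo'})}.c2ln"


# Constructed sample data. kid-A: key rotated out; kid-B: former 'Next key in queue',
# now 'Current key in use'; kid-C: newly created ECDSA key, now 'Next key in queue'.
STALE_JWKS = {"keys": [{"kid": "kid-A", "kty": "RSA", "use": "sig"}]}
REFRESHED_JWKS = {"keys": [
    {"kid": "kid-B", "kty": "RSA", "use": "sig"},
    {"kid": "kid-C", "kty": "EC", "crv": "P-256", "use": "sig"},
]}

if __name__ == "__main__":
    current = make_token({"alg": "RS256", "kid": "kid-B"})
    print(check_token_against_jwks(current, STALE_JWKS))      # stale-key-set
    print(check_token_against_jwks(current, REFRESHED_JWKS))  # ok
    print(check_token_against_jwks(make_token({"alg": "ES256", "kid": "kid-B"}), REFRESHED_JWKS))  # alg-key-mismatch
```

This check only selects and sanity-checks the key; signature verification with the selected key still has to follow.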
For more information, please see the below:
https://cloudentity.com/developers/howtos/auth-settings/signing_keys_management/
SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.