How do I change the CloudEntity Signing Certificate or Algorithm?

    Applies to:
  • Cloudentity
    Deployment model:
  • Cloud

    Description:
    How do I change the Signing Certificate or the Signing Certificate Algorithm?


    Cause:
     
    Sometimes a specific Algorithm is required on a CloudEntity Signing Certificate. In CloudEntity you can choose between RSA and ECDSA.
    How to change the Algorithm, or create a Certificate with a different Algorithm, may not be immediately obvious.


    Resolution:
     
    Log in to CloudEntity and, in the correct Workspace, browse to the following section:
    OAUTH - Tokens - Signing and Encryption

    Once there, scroll down to 'Signing key rotation settings'

    Click on 'Rotate Key' and you will be able to choose the Algorithm of the next Signing key to be placed into the queue.

    *** Going further than this point will actually Rotate your current Signing Key out of the queue, meaning you will need to update the Public keys on any Service Providers using this key ***

    Select the required Algorithm and click 'Rotate'.
    This changes the current Signing Certificate to the next one in the queue and creates a new Signing Certificate with the signing Algorithm you selected, placing it as next in the queue.



     


    Notice that the 'Next key in queue' (check the Key ID values in the above and below screenshots) has now become the 'Current key in use', and the newly created key, with the ECDSA Algorithm, has become the 'Next key in queue'.
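
The following is an added example, not part of the original article or Cloudentity's own code: a Python check a Service Provider owner could run on key-set snapshots saved before and after the rotation, to see which Key ID left the set, which algorithm the new key uses, and which pinned keys or outstanding tokens no longer match. It assumes the workspace's public signing keys are available as a standard JWKS document (RFC 7517) and that the rotated-out key is no longer published; the Key IDs and snapshots are constructed sample data.

```python
import base64
import json

# Constructed sample data: JWKS snapshots saved before and after a rotation.
# Key IDs are made up; key material is omitted because only metadata is read.
BEFORE = {"keys": [
    {"kid": "kid-current-A", "kty": "RSA", "use": "sig", "alg": "RS256"},
    {"kid": "kid-next-B", "kty": "RSA", "use": "sig", "alg": "RS256"},
]}
AFTER = {"keys": [
    {"kid": "kid-next-B", "kty": "RSA", "use": "sig", "alg": "RS256"},
    {"kid": "kid-new-C", "kty": "EC", "use": "sig", "crv": "P-256", "alg": "ES256"},
]}

FAMILY = {"RSA": "RSA", "EC": "ECDSA"}  # JWK "kty" -> algorithm name used in the article

def signing_keys(jwks):
    """Map Key ID -> algorithm family for keys usable for signatures."""
    return {k["kid"]: FAMILY.get(k["kty"], k["kty"])
            for k in jwks.get("keys", []) if k.get("use", "sig") == "sig"}

def rotation_report(before, after, pinned_kids):
    """Compare two snapshots and list what a Service Provider must update."""
    old, new = signing_keys(before), signing_keys(after)
    return {
        "removed": sorted(set(old) - set(new)),                     # rotated out
        "added": {kid: new[kid] for kid in sorted(set(new) - set(old))},
        "stale_pins": sorted(set(pinned_kids) - set(new)),          # SP config to fix
    }

def token_kid_alg(jwt):
    """Read kid/alg from a JWT header without verifying it (triage only)."""
    header_b64 = jwt.split(".")[0]
    header_b64 += "=" * (-len(header_b64) % 4)  # restore stripped base64 padding
    header = json.loads(base64.urlsafe_b64decode(header_b64))
    return header.get("kid"), header.get("alg")

def verifiable(jwt, jwks):
    """True if the token's Key ID is still published in the given key set."""
    kid, _ = token_kid_alg(jwt)
    return kid in signing_keys(jwks)
```

A non-empty `stale_pins` list identifies Service Provider configurations that still trust only the rotated-out key and need the new public key before they can validate tokens again.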

     

    For more information, please see the below:
    https://cloudentity.com/developers/howtos/auth-settings/signing_keys_management/

     

    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
