License Info Cert change procedure

    Applies to:
  • SecureAuth Identity Platform
  • Legacy SecureAuth IdP
Deployment model:
  • Cloud
  • Hybrid
  • On Premises
Version Affected: All

    Description:  

    We use the License Info cert on the System Info tab to encrypt many different values. 

    It is not recommended to change the cert, even when it has expired.

    The cert is used to encrypt:

    1. Values in AD, such as KBQ/A and Oath Seed (and any others that have been manually changed to encrypted)
    2. Values in the Web.config file, such as Datastore Password, FBA Password, API ID and Key

     

    Cause:  

    As stated above, changing the License Info cert is not recommended. If you're going to do this, make sure you have a backup of the web.config so you can revert the changes. 

     

    Resolution:  

    Do not proceed if you're still using Oath Seed or other encrypted attributes, such as KBQ/A.

    1. Before changing the license info, make sure you know the passwords for your Datastore
    2. Make sure you know the FBAservice account (on the Workflow tab) if you're using this
    3. Go to the API tab and take a copy of the API ID and Key
    4. Take a backup of the web.config
    5. Change the license cert
    6. In order for the API ID and Keys to be encrypted, we need to get creative. 
      i. Go to the Workflow tab and scroll to the bottom where you'll see FBA WebService
      ii. Enter the AppID as the FBA WebService Password and hit save
      iii. Decrypt the web.config
      iv. Search for "fbaservicepass" and copy the value
      v. Paste this for "Api.AppId"
      vi. Save the web.config
    7. Repeat the process in step 6, but this time use it to encrypt the AppKey ("Api.AppKey")
    8. Go to the Data tab and re-enter the service account password
    9. If this was a webservice realm, go to the Workflow tab and re-enter the correct FBAServicePassword
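
A check to run once the steps above are complete, as an added example (not SecureAuth code): it compares the web.config backup from step 4 with the current file and reports, per key, whether the value was rewritten, plus whether "fbaservicepass" still holds the temporary string from steps 6 and 7. The function names, the appSettings layout and the rule that an unchanged string was not re-encrypted are assumptions.

```python
import xml.etree.ElementTree as ET

# Key names quoted in the article; matching is case-insensitive because the
# exact casing in a given web.config is not stated there.
ARTICLE_KEYS = ("fbaservicepass", "Api.AppId", "Api.AppKey")

def app_settings(xml_text):
    """Return {lowercased key: value} from <appSettings><add key= value=/>.
    The standard ASP.NET appSettings layout is an assumption."""
    root = ET.fromstring(xml_text)
    return {a.get("key", "").lower(): a.get("value", "")
            for a in root.iterfind(".//appSettings/add")}

def reencryption_report(backup_xml, current_xml, keys=ARTICLE_KEYS):
    """Status per key: 'missing' (absent or empty now), 'unchanged' (same
    string as the backup, so assumed still encrypted with the old cert and
    in need of re-entry) or 'changed'. Values are never returned."""
    old, new = app_settings(backup_xml), app_settings(current_xml)
    report = {}
    for key in keys:
        value = new.get(key.lower())
        if not value:
            report[key] = "missing"
        elif value == old.get(key.lower()):
            report[key] = "unchanged"
        else:
            report[key] = "changed"
    return report

def leftover_fba_value(current_xml):
    """True if fbaservicepass still equals the string pasted into Api.AppId
    or Api.AppKey in steps 6-7, i.e. it was not re-entered in step 9."""
    s = app_settings(current_xml)
    fba = s.get("fbaservicepass")
    return bool(fba) and fba in (s.get("api.appid"), s.get("api.appkey"))

# Constructed sample files; the values are placeholders, not real ciphertext.
BACKUP = """<configuration><appSettings>
  <add key="fbaservicepass" value="OLD-fba" />
  <add key="Api.AppId" value="OLD-id" />
  <add key="Api.AppKey" value="OLD-key" />
</appSettings></configuration>"""
CURRENT = BACKUP.replace("OLD-id", "NEW-id").replace("OLD-key", "NEW-key") \
                .replace("OLD-fba", "NEW-key")

if __name__ == "__main__":
    print(reencryption_report(BACKUP, CURRENT))
    print("fbaservicepass left at step 7 value:", leftover_fba_value(CURRENT))
```

Pass the contents of the real backup and current web.config in place of the samples, and add any other key names (for example the datastore password) once you have confirmed them in your own file.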

     

    Special Considerations:  

    It is not recommended to change the License Info Cert. This article is a guide only; there may be other steps required in your environment.

     

     

    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
