
up2date sso certificate

quanticom

Guest
Hello,

I don't see any procedure in the documentation to update the single sign-on certificate.

Can you explain to me the correct way to change this cert when it is expired?

port 11443

Best regards,

Miguel
 
not enough

To install the SSO certificate, please, do the following:

1. replace /etc/sso/sso.pem file (this is the default certificate) with the new one.

2. afterwards, please, restart SSO server:

# /etc/init.d/sw-cp-server restart

Now the certificate should be active.
 
signature is not valid;

There is an error with the new SSO cert: when you close a user SB session you get this:

Internal Sitebuilder error.
File: /usr/local/sitebuilder/include/SB/Actions/SSO/Proxy.php; Line: 142
Message: SSO response signature is not valid; Code: 0

Go back Send report to developers

and some users can't log in.

What can I do? Can someone tell me the procedure to change the SSO cert correctly?

Regards,

Miguel
 
procedure

[root@ ~]# openssl genrsa -des3 -out sso.key 512
Generating RSA private key, 512 bit long modulus
....++++++++++++
....++++++++++++
e is 65537 (0x10001)
Enter pass phrase for sso.key:
Verifying - Enter pass phrase for sso.key:


[root@ ~]# openssl rsa -in sso.key -out sso.pem
Enter pass phrase for sso.key:
writing RSA key
[root@ ~]#

[root@ ~]# openssl req -new -key sso.pem -out sso.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.

# openssl x509 -req -days 366 -in sso.csr -signkey sso.pem -out sso.crt

now it looks like this:

[root@ ~]# cat /etc/sso/sso.pem


After that I found corresponding sso certificates in Plesk and Sitebuilder:

[root@ ~]# mysql -uadmin -p`cat /etc/psa/.psa.shadow` psa -e "select * from misc where val like '%sso%'"
+---------------------+--------------------------------+
| param | val |
+---------------------+--------------------------------+
| sso_certificate | /usr/local/psa/var/sso.sp.pem |
| sso_idp_api_version | sw:sso:idp:1_0 |
| sso_idp_cert | /usr/local/psa/var/sso.idp.pem |
+---------------------+--------------------------------+

And SB:

[root@ ~]# find /usr/local/sitebuilder/etc/ | grep 'sso_[si].*\.pem'

/usr/local/sitebuilder/etc/sso_idp_cert.pem
/usr/local/sitebuilder/etc/sso_sp_key.pem

After that I replaced the certificate section from /etc/sso/sso.pem into the /usr/local/psa/var/sso.idp.pem and /usr/local/sitebuilder/etc/sso_idp_cert.pem files accordingly.

http://www.quanticom.es
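
An added example, not part of the thread and not Plesk's or Sitebuilder's own tooling: a check that the certificate block in /etc/sso/sso.pem and the copies kept by Plesk and Sitebuilder are the same certificate, by comparing SHA-256 fingerprints of the DER bytes. It assumes, as the last post's procedure implies, that the copies must be identical to the SSO server's certificate; the function names and the sample PEM data are constructed for illustration.

```python
import base64
import hashlib
import re
import sys
from pathlib import Path

CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def cert_fingerprint(pem_text):
    """SHA-256 over the DER bytes of the first CERTIFICATE block, or None."""
    # A private-key block in the same file is ignored, and so are differences
    # in line endings or line wrapping between the copies.
    match = CERT_RE.search(pem_text)
    if match is None:
        return None
    der = base64.b64decode("".join(match.group(1).split()))
    return hashlib.sha256(der).hexdigest()

def compare_copies(reference_pem, copies):
    """Map each copy's name to "match", "MISMATCH" or "NO CERTIFICATE"."""
    expected = cert_fingerprint(reference_pem)
    if expected is None:
        raise ValueError("reference contains no CERTIFICATE block")
    status = {}
    for name, text in copies.items():
        found = cert_fingerprint(text)
        if found is None:
            status[name] = "NO CERTIFICATE"
        else:
            status[name] = "match" if found == expected else "MISMATCH"
    return status

def make_pem(label, raw):
    """Build a constructed PEM block (sample data, not a real certificate)."""
    body = base64.encodebytes(raw).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"

if __name__ == "__main__":
    if len(sys.argv) > 2:  # usage: script.py REFERENCE COPY [COPY ...]
        ref = Path(sys.argv[1]).read_text()
        copies = {p: Path(p).read_text() for p in sys.argv[2:]}
    else:  # constructed sample: key + new cert in the reference, one stale copy
        new = make_pem("CERTIFICATE", b"new" * 40)
        ref = make_pem("RSA PRIVATE KEY", b"k" * 64) + new
        copies = {"sso.idp.pem": new.replace("\n", "\r\n"),
                  "sso_idp_cert.pem": make_pem("CERTIFICATE", b"old" * 40)}
    for name, state in compare_copies(ref, copies).items():
        print(f"{state:15} {name}")
```

Run it with /etc/sso/sso.pem as the first argument and the two copies named above as the remaining arguments; any line other than "match" points at a file still holding a different certificate.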
 