-
제목
Updating certificates in Password Manager -
설명
What is the correct process to update expiring certificates in Password Manager? -
해결 방안
Password Manager may be using custom certificates for two purposes:
- Securing backend communication between the web interfaces and the Password Manager service
- SSL / HTTPS Site Bindings in IIS
Updating certificates used by Password Manager for backend communication:
By default, Password Manager uses a Built-in certificate that does not need to be updated. If the option to use a custom certificate was selected during setup, it can be updated by following the steps below:
- Install the updated certificate on the Password Manager service host
- Launch the PMAdmin site
- Navigate to General Settings | Reinitialization
- Select the updated certificate in the Certificate Name dropdown
- Click Save
After updating the certificate in the PMAdmin site, the user and helpdesk interfaces should also have their certificates updated, otherwise they will be inaccessible due to a certificate mismatch with the service.
- Launch the PMAdmin site
- Navigate to General Settings | Reinitialization
- Take note of the Certificate and Port specified
- Ensure this certificate is installed on all Password Manager hosts
- Rename or delete the following files on all hosts where the user and helpdesk interfaces exist:
- %Program Files%\One Identity\Password Manager\Web\User\App_Data\WcfConnectionSettings.xml
- %Program Files%\One Identity\Password Manager\Web\SelfService\App_Data\WcfConnectionSettings.xml
- %Program Files%\One Identity\Password Manager\Web\HelpDesk\App_Data\WcfConnectionSettings.xml
- Launch the sites individually to display the Initialization options
- Input the IP or Hostname of the server where the Password Manager service is installed
- If the user interfaces and the service are on the same host, input 127.0.0.1
- Select the Certificate and Port noted from step 3
- Click Save
- Repeat for all user and helpdesk sites
Updating certificates used by Password Manager for HTTPS in IIS:
There are no special steps that need to be taken to update SSL certificates used for HTTPS site bindings for Password Manager, and standard Microsoft best practices can be utilized. For guidance on installing an SSL certificate, review this Microsoft resource, or contact Microsoft support.