Certificate Management for SSO#

Create a self-signed or 3rd party certificate for SSO#

This procedure creates a self-signed or third-party-signed system certificate to use when setting up Single Sign-On (SSO) on the web proxy node on VOSS Automate.

Note

  • Web server certificate management is carried out on the VOSS Automate command line. Refer to the CLI documentation for details.

  • During customer onboarding, SSO certificate creation is customer-specific.

  1. Log in as system administrator.

  2. Go to (default menus) Administration Tools > Certificate Management.

  3. Click Add.

  4. Fill out the fields on the Base tab:

    • Fill out a Name and Description for the certificate.

    • At Generate Certificate Signing Request:

      • Clear the checkbox for a self-signed certificate.

      • Select the Generate Certificate Signing Request checkbox for a third-party-signed certificate.

      • If this is a self-signed certificate, define the certificate validity period. This is measured in seconds and defaults to 0 (now) and 315360000 (10 years), respectively.

    • (Optional) Change the Key Length from the default of 1024.

  5. Fill out the fields on the Certificate Information tab:

    Field

    Description

    Common Name *

    Enter the FQDN for your server.

    Country Code *

    A two-digit country code

    State *

    An appropriate country subdivision

    City *

    Your city

    Organization *

    Your organization

    Organization Unit *

    Your organization subunit

  1. Click Save.

    Note

    If you created a self-signed certificate, you can exit this procedure. If you requested a third-party-signed certificate, continue with the next steps.

  2. On the Certificate Management list view, click on the third-party-signed certificate you created.

  3. Choose Action > Export Certificate Request.

  4. Follow your organization’s procedures to obtain the third-party signature for the certificate.

  5. Click the certificate.

  6. Choose Action > Upload Signed Certificate.

  7. Browse to the signed certificate, then click OK.

Renew Single Sign-On Certificate for VOSS Automate#

If a customer’s Single Sign-on certificate expires, then to renew the certificate for VOSS Automate:

  1. Follow the steps to regenerate the certificate (either self-signed or CA signed) as described in Certificate Management for SSO.

  2. Follow the steps to regenerate and upload SP metadata to the IdP described in SSO SP Settings.

    Note:

    If an expired SSO certificate is being renewed and the IdP metadata has not changed, then the download, configure and upload of the IdP metadata is not required and these steps can be ignored.