Skip to main content
Support

KB Article #183070

Central Gouvernance! - Default Axway Passport SSO Certificate will expire in CG on 14th March 2024

Problem


The Passport SSO certificate will expire on the 14th of March 2024 and you need to replace the old certificate in CG with the new one

Resolution

  1. Stop CG
  2. backup the conf/security folder from the Passport node from the CG installation.
  3. Copy from the archive the new sso.jks file from the conf/security folder, rename it (ssonew.jks is the name I used, whatever you use, replace the name in the command below), and copy it to the conf/security folder in the Passport node in the CG installation.
  4. Go to the conf/security folder in the Passport node and run the following command to replace the old certificate with the new one: keytool -importkeystore -srckeystore ssonew.jks -srcstorepass "axway*" -srckeypass "axway*" -srcalias passportsso -destalias passportsso -destkeystore sso.jks -deststorepass <CG_ENCRYPTION_KEY> -destkeypass <CG_ENCRYPTION_KEY>
  5. backup the sso/webapps/ROOT folder from the Passport node of the CG installation.
  6. Copy from the archive the new sso.jks file from the sso/webapps/ROOT folder, rename it (ssonew.jks is the name I used, whatever you use, replace the name in the command below) and copy it to the sso/webapps/ROOT folder in the Passport node in the CG installation.
  7. Go to the sso/webapps/ROOT folder in the Passport node and run the following command: keytool -importkeystore -srckeystore ssonew.jks -srcstorepass "axway*" -srckeypass "axway*" -srcalias passportsso -destalias passportsso -destkeystore sso.jks -deststorepass <CG_ENCRYPTION_KEY> -destkeypass <CG_ENCRYPTION_KEY>
  8. After running the 2 commands, it's safe to delete the keystores you copied over on steps 2 and 4.
  9. Start CG.

After this, CG will use the new SSO certificate.

NOTE:

The parameter CG_ENCRYPTION_KEY corresponds to the ENCRYPTION_KEY parameter from the CG configuration.