Collapse Submit a Service Request Contact Information for Technical SupportMy Service Notifications
Validating and reviewing the properties of the signing certificate for SSO
Answer ID 9992 | Last Review Date 07/22/2019
What are the steps for validating and checking the signing certificate used in the response for Single Sign On (SSO)?
Single Sign On (SSO)
What are the steps for validating and reviewing the properties of the signing certificate used in the response for Single Sign On (SSO)?
- Obtain the signing certificate. This can come from the SAML response or may be provided to you by your local IT department. The certificate must be in a base64 encoded format (.pem or .cert). If it is not, the certificate must be converted to this format in order to review, validate, and upload into File Manager
- Once in the proper format, the extension must be set to .cer
- Double click on the certificate
- On the General tab, check the "Issued to:" and "Issued by:". If these are different, an intermediate certificate is required. The "Valid from" section must also contain a date that is not expired. Should an intermediate certificate be required, check the Certification Path tab. If there is a certificate chain visible, each certificate can be exported to the workstation by following the instructions below:
1. Click on button "View Certificate"
2. Click on Details tab and click "Copy to File".
3. Follow instructions to export out as DER encoded binary X.509 (.cer) certificate
Your local IT department will need to be engaged to provide the necessary certificates to be uploaded into File Manager should the Certification Path tab not contain the path of certificates and the "Issued to:" and "Issued by:" sections are different.
- Click on the Details tab to obtain the thumbprint that is used for configuration setting SAML_20_SIGN_CERTS. All spaces and colons in the thumbprint must be removed before adding to this configuration setting.
**Note: Step 5 is only required for Customer Portal implemented with SSO and SSO not setup under "Single Sign On Configurations" in agent console.