Skip Navigation
Validating and reviewing the properties of the signing certificate for SSO
Answer ID 9992   |   Last Review Date 03/18/2022

What are the steps for validating and checking the signing certificate used in the response for Single Sign On (SSO)?


Single Sign On (SSO)


What are the steps for validating and reviewing the properties of the signing certificate used in the response for Single Sign On (SSO)?

  1. Obtain the signing certificate. This can come from the SAML response or may be provided to you by your local IT department. The certificate must be in a base64 encoded format (.pem) or  DER Encoded Binary X.509 (.cer or .crt). If it is not, the certificate must be converted to this format in order to review, validate, and upload into File Manager.  Please note, if you receive one certificate from your local IT department that includes the entire chain (to easily see this, save the certificate in.cer extension and open it on your desktop and navigate to the Certification Path tab), you will need to separate out each certificate and upload individual certificates for the entire chain into the File Manager.  
  2. Once in the proper format, the extension must be set to .pem or .cer
  3. Double click on the certificate
  4. On the General tab, check the "Issued to:" and "Issued by:". If these are different, an intermediate certificate is required. The "Valid from" section must also contain a date that is not expired. Should an intermediate certificate be required, check the Certification Path tab. If there is a certificate chain visible, each certificate can be exported to the workstation by following the instructions below:

    1. Click on button "View Certificate"
    2. Click on Details tab and click "Copy to File".
    3. Follow instructions to export out as DER encoded binary X.509 (.cer) certificate

    Your local IT department will need to be engaged to provide the necessary certificates to be uploaded into File Manager should the Certification Path tab not contain the path of certificates and the "Issued to:" and "Issued by:" sections are different. 
  5. Click on the Details tab of the signing certificate to obtain the thumbprint that is used for configuration setting SAML_20_SIGN_CERTS. All spaces and colons in the thumbprint must be removed before adding to this configuration setting.
       **Note: Step 5 is only required for Customer Portal implemented with SSO and SSO not setup under "Single Sign On Configurations" in agent console.