Replacing an encryption certificate for Active Directory Federation Services
With the Pega® Robotic Automation Deployment Portal, you can use an Active Directory Federation Services (AD FS) server to provide security tokens for implementing single sign-on. To avoid service interruption, you should replace the encryption certificate as required by Pega Support.
To replace an authority encryption certificate, complete the following tasks:
Downloading the certificate
- Download the authority encryption certificate
- Open a web browser and go to the authority.openspan.com website. The Authority Server webpage displays.
- To download the certificate, click Authority SSL certificate.
The certificate has the following serial number: 00 f7 06 b1 11 d0 5d eb 7e
Importing the certificate
After you finish downloading the certificate, import the certificate by using the AD FS console, which is installed when you install AD FS.
- From the Start menu, in the Search Programs and File field, type Admin, and then click > .
- Click Relying Party Trusts.
- Right-click the relying party trust setup for OpenSpan and click Properties.
- Click the Encryption tab.
- Click and select the authority certificate that you downloaded in the previous task. Click .
- Verify that the subject is CN=authority.openspan.com and that the expiration date is 1/25/2021.
- Click . The warning that the encryption certificate will expire within thirty days disappears.
- Click .
The system replaces the AD FS encryption certificate.
If Pega Robotic Automation Runtime cannot authenticate, contact Pega Robotic Automation Support.
Continue with Setting up the Certificate Revocation List.
Published June 7, 2017 — Updated July 6, 2018