Replacing an encryption certificate for the Security Token Service
With the Pega® Robotic Automation Deployment Portal, you can use the Pega Robotic Automation Security Token Service to provide security tokens for implementing single sign-on. To avoid service interruption, you should replace the encryption certificate as required by Pega Support.
To replace an authority encryption certificate, complete the following tasks:
Updating the authority encryption certificate
- Open the OpenSpan STS Configuration Console as an administrator by right-clicking its executable file and selecting the Run as administrator option.
- From the tree view, click Relying Party and then click .
The system downloads the new certificate from authority.openspan.com and places it in the Microsoft Windows Personal Certificate Store. This certificate is now used as the encryption certificate for STS.
- Close the Security Token Service Configuration console.
- When asked if you want to save the changes to the configuration, click Yes.
- When asked if you want to navigate to the Security Token Service to verify its operational status, click No.
Verifying that the certificate has been updated on the STS server
- To run the Microsoft Management Console (MMC) snap-in, click mmc.exe.
and then enter
- In the Add Standalone Snap-in dialog, select Certificates.
- In the Certificates snap-in dialog, select Computer account and click Next.
- In the Select Computer dialog, click
- In the Add/Remove Snap-in dialog, click
- To view the certificate stores for the computer, in the Console Root dialog, expand Certificates (Local Computer).
- Expand Personal Folder
- Select Certificate.
- In the middle pane, verify that the certificate with expiry date of 1/25/2021 issued to authority.openspan.com is present.
If you see another certificate with same title but with a different expiry date (1/10/2018), delete it to ensure that the new certificate is used.
If Pega Robotic Automation Runtime cannot authenticate, contact Pega Robotic Automation Support.
Continue with Setting up the Certificate Revocation List.
Published May 24, 2017 — Updated May 8, 2018