This content has been archived and is no longer being maintained.

Table of Contents

Article

Replacing an encryption certificate for the Security Token Service

With the Pega® Robotic Automation Deployment Portal, you can use the Pega Robotic Automation Security Token Service to provide security tokens for implementing single sign-on. To avoid service interruption, you should replace the encryption certificate as required by Pega Support.

To replace an authority encryption certificate, complete the following tasks:

Updating the authority encryption certificate

  1. Open the OpenSpan STS Configuration Console as an administrator by right-clicking its executable file and selecting the Run as administrator option.
  2. From the tree view, click Relying Party and then click Update encryption certificate.
    The system downloads the new certificate from authority.openspan.com and places it in the Microsoft Windows Personal Certificate Store. This certificate is now used as the encryption certificate for STS.
  3. Close the Security Token Service Configuration console.
  4. When asked if you want to save the changes to the configuration, click Yes.
  5. When asked if you want to navigate to the Security Token Service to verify its operational status, click No.

Verifying that the certificate has been updated on the STS server

  1. To run the Microsoft Management Console (MMC) snap-in, click Start > Run and then enter mmc.exe.
  2. Click File > Add/Remove Snap In.
  3. In the Add Standalone Snap-in dialog, select Certificates.
  4. Click Add.
  5. In the Certificates snap-in dialog, select Computer account and click Next.
  6. In the Select Computer dialog, click Finish.
  7. In the Add/Remove Snap-in dialog, click OK.
  8. To view the certificate stores for the computer, in the Console Root dialog, expand Certificates (Local Computer).
  9. Expand Personal Folder
  10. Select Certificate.
  11. In the middle pane, verify that the certificate with expiry date of 1/25/2021 issued to authority.openspan.com is present.
If you see another certificate with same title but with a different expiry date (1/10/2018), delete it to ensure that the new certificate is used.

If Pega Robotic Automation Runtime cannot authenticate, contact Pega Robotic Automation Support.

Continue with Setting up the Certificate Revocation List.

Tags:

Published May 24, 2017 — Updated May 8, 2018

Have a question? Get answers now.

Visit the Pega Support Community to ask questions, engage in discussions, and help others.