LiveContent Reach: Error message after update with new certificate: 401 unauthorized error

Your certificates expired on Content Manager Main app, Content Manager Batch (publishing) and Reach servers. The new certificate for the Main app has a common name of machine.company.com. The new batch server received a certificate with a common name of machine.

The Content Delivery file LiveContentSSO.xml contains an issuer to validate trust with a CN.*company.com.*. This worked fine for the Main app server and allowed the SSO login to work properly. In testing we confirmed Content Manager was updated properly.

• Checked relying parties for main app and batch server
• Checked cacerts file for Content Delivery as it needed all the aliases updated to the latest used certificate set.
• Confirmed Content Delivery could upload and prepare data set.

still had issues with Publish and  got back 401 unauthorized.
 

The problem was fixed by adding the second line below as an issuer to the WEB-INF\ LiveContentSSO.xml file to allow any machine that defined the company.
 

<issuer subject="CN=.*company.com.*" certificateValidation="ChainTrust" name="InfoShareSTS" />
<issuer subject="CN=.*,,DC=company,DC=com" certificateValidation="ChainTrust" name="InfoShareSTS" />

Make sure the issuer is the correct match with the certificates used for all the Content Manager servers.

 

Batch server certificate to match the issuer line used to authenticate

Also see:
Troubleshooting Relying parties and Certificate issues
Knowledge Center, Tridion Docs - certificate update leads to publish 401 unauthorized