Salesforce

Update Certificate in architect 11.x

Printable View
« Go Back

Information

 
Article TypeSolution Article
Scope/EnvironmentLiveContent Architect 11.X
Symptoms/Context
When a server certificate is changed or renewed, you can no longer login in Architect. Several errors will be displayed linked to an untrusted certificate. If a server certificate is renewed, the thumbprint also changes. If a new certificate is used, a new thumbprint and subject name is generated. Architect is configured to search for the old certificate. If this one is renewed, it no longer matches the configuration and it will throw an error.
Resolution
  1. Make a backup of the following files:
    1. C:\InfoShare\Web\Author\ASP\web.config
    2. C:\InfoShare\Web\InfoShareWS\web.config
    3. C:\InfoShare\Web\InfoShareSTS\Configuration\infoShareSTS.config 
  2. Replace in the web.config the Thumbprint with the thubmprint from the renewed certificate.
    1. Open Internet Information Services (IIS)
    2. Open Server Certificates
    3. Locate the renewed Certificate and open it
    4. Go to the details tab > Locate the Value Thumbprint > copy the value (remember the Control Character at the beginning of the Thumbprint value)
    5. Update the web.config files from step 1a and 1b with the new thumbprint values
    6. Update the infoShareSTS.config from step 1c with the new thumbprint values.
  3. Open the component services and stop Trisoft-Infoshare-Author
  4. Open Internet Information Services and stop 
    1. TrisoftAppPoolInfoShareAuthor
    2. TrisoftAppPoolInfoShareSTS
    3. TrisoftAppPoolInfoShareWS
  5. Rename C:\InfoShare\Web\InfoShareSTS\App_Data\IdentityServerConfiguration-2.1.sdf to for example C:\InfoShare\Web\InfoShareSTS\App_Data\IdentityServerConfiguration-2.1.sdf.previous
  6. Open the component services and start Trisoft-Infoshare-Author
  7. Open Internet Information Services and start
    1. TrisoftAppPoolInfoShareAuthor
    2. TrisoftAppPoolInfoShareSTS
    3. TrisoftAppPoolInfoShareWS

  8. Login into the web UI and a new IdentityServerConfiguration-2.1.sdf file should be created containing the correct values of the new certificate's thumbprint and subject name.

    New certificate (change of subject and Thumbprint)

  1. Execute Above procedure +
  2. Open STS Website --> Key Configuration

  3. Update the Signing certificate by selecting it from dropdown.

Binding to Port 443

The HTTPS protocol is secured with a certificate. This certificate can also expire and when it does. 

    1. Open a Remote Desktop Connection to the Architect Server
    2. Open Internet Information Services
    3. Expand <Computername> > Sites > Default Website
    4. Right click on Default Website and choose Bindings
    5. Select HTTPS and click Edit
    6. Make sure that the correct certificate is selected from the dropdown.  
      User-added image

 

 

Root Cause
Reference
https://confluence.sdl.com/display/CCS/Update+Certificate+in+architect+11.x
Attachment 1 
Attachment 2 
Attachment 3 
Attachment 4 
Attachment 5 
Powered by