By: Praveen Srinivasan user 30 Aug 2021 at 5:29 a.m. CDT

2 Responses
Hi Team, When we install a fresh GLUU, opendj.crt and the IDP signing and encryption certificates are created by default and are valid for 1 year. After 1 year, due to the crt expiration, the oxauth and oxtrust services throw errors while connecting to ldap. Is there a way to update the opendj certificate in GLUU? I can see that we can update the Httpd certificate by following the https://gluu.org/docs/gluu-server/4.2/admin-guide/certificate/ link. But I couldn't find a way to update the opendj ssl and idp signing and encryption certificates. Can you please share if there is a way to update certificates in GLUU? ![](https://i.ibb.co/xsmt8yR/gluu-certificate-expiration-dates.png)

By Mobarak Hosen Shakil staff 31 Aug 2021 at 2:15 p.m. CDT

Hi Praveen Srinivasan,

The image you have shared still has 1 year validity. I wonder why `OpenDJ` is showing 1 year validity; it should have 20 years. Is it a fresh installation?

Anyway, to upgrade:

- Back up your existing `idp-signing.crt` and `idp-signing.key` from the Gluu-Server-container:/etc/certs location
- Generate a long-term `idp-signing.crt` and `idp-signing.key`. We are using a self-signed cert and key. Command: `openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout idp-signing.key -out idp-signing.crt`
- Put the newly generated cert and key inside the /etc/certs/ location. Make sure the permission is `root:gluu`
- Stop / Start the Gluu-Server container

Similarly, you can renew the certificate for `idp-encryption`. Just remember to keep a backup of `/etc/certs`.

Thanks & Regards
~ Shakil
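A pre-deployment check for a replacement pair like the one described in the reply above, added here as an example; it is not part of the thread or of Gluu's own tooling. The function names, the temporary paths and the CN are assumptions, and the sample pair is constructed with the reply's `openssl req` command plus `-subj` so it runs without prompts.

```shell
#!/usr/bin/env bash
# Added example: sanity checks for a replacement cert/key pair before it is
# copied into /etc/certs. Function names are hypothetical.

# True (0) if the PEM certificate $1 expires within $2 days or is unreadable.
expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# True (0) if private key $1 and certificate $2 carry the same public key.
key_matches_cert() {
    local from_key from_crt
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    from_crt=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_crt" ]
}

# Report on one pair: $1 = key, $2 = cert, $3 = minimum remaining days.
check_pair() {
    local rc=0
    if ! key_matches_cert "$1" "$2"; then
        echo "FAIL: $1 does not match $2"; rc=1
    fi
    if expires_within "$2" "$3"; then
        echo "FAIL: $2 expires within $3 days"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $2"
    return "$rc"
}

# Constructed sample: a throwaway pair valid for $3 days (the CN is made up).
make_sample_pair() {
    openssl req -x509 -nodes -days "$3" -newkey rsa:2048 \
        -keyout "$1" -out "$2" -subj "/CN=idp-signing.example.test" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample_pair "$demo_dir/idp-signing.key" "$demo_dir/idp-signing.crt" 365
check_pair "$demo_dir/idp-signing.key" "$demo_dir/idp-signing.crt" 30
# A 365-day certificate fails a 400-day threshold.
check_pair "$demo_dir/idp-signing.key" "$demo_dir/idp-signing.crt" 400 || true
rm -rf "$demo_dir"
```

Running `check_pair` against the backed-up pair as well shows how many days of validity the old certificate had left before it is swapped out.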

By Mobarak Hosen Shakil staff 08 Sep 2021 at 4:52 a.m. CDT

Please reopen the ticket if required.