Identity Server comes with the test-connector certificate. This procedure shows you how to replace this certificate by completing the following tasks:
Enable SSL on Identity Server (changing from HTTP to HTTPS)
Create a certificate
Replace the test-connector certificate with the newly created certificate
To configure SSL on Identity Server:
Click Devices > Identity Servers.
In the Configuration column, click Edit.
Change Protocol to HTTPS (the system changes the port to 8443), click Apply, then click OK at the warning.
Copy the domain name of your Identity Server configuration to the clipboard, or take note of the name. It must match the common name of the new certificate.
Click the SSL Certificate icon, then click OK at the warning if you clicked Apply when you changed the protocol to HTTPS.
If you did not click Apply, then click Cancel and click Apply before returning to this option.
The Keystore configuration page appears.
In the Certificates section, click Replace.
In the Replace dialog box, click the Select Certificate icon next to the Certificate field.
On the Select Certificate page, click New.
Click Use local certificate authority.
This option creates a certificate signed by the local CA (or Organizational CA), and creates the private key.
Specify the following details:
Certificate name: A name that you can associate with this certificate. For easy reference, you might want to paste the domain name of Identity Server configuration in this field.
For information about how to modify the default values before clicking OK, see Section 16.0, Creating Certificates.
Subject: Click the Edit Subject icon. In the Common Name field, paste the domain name of the base URL of Identity Server configuration. This value cannot be an IP address or begin with a number, to ensure that trust does not fail between providers.
If you are going to use Windows CardSpace, fill in values for the other common attributes.
Click OK.
To accept the default values in the other fields, click OK twice.
The new certificate is displayed on the Select Certificate page.
Verify that the new certificate is selected, then click OK.
Click OK.
Click Restart Now to restart Tomcat, as prompted.
Click Close on the Keystore page.
If your Identity Server and Administration Console are on the same machine, you need to log in to Administration Console again.
If your Identity Server is on another machine, click OK.
To verify the health of Identity Server, click Devices > Identity Servers.
To update the embedded service provider of Access Gateway to use the new URL, click Devices > Access Gateways > Update.
If you do not receive the option to update Access Gateway, select Access Gateway, then click Actions > Service Provider > Restart Service Provider > OK.
Restarting the service provider reestablishes the trust between Access Gateway and the new base URL for Identity Server.
Verify that the trusted relationship between Identity Server and Access Gateway has been reestablished.
Enter the URL to a protected resource on Access Gateway.
Complete one of the following:
If you can access the site, the trusted relationship has been reestablished. Continue with Configuring Access Gateway for SSL.
If you receive a 100101043 or 100101044 error, the trusted relationship has not been established. For information about how to solve this problem, see Troubleshooting 100101043 and 100101044 Liberty Metadata Load Errors.
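The common name rules in the steps above (the name must match the domain name of the Identity Server base URL, and cannot be an IP address or begin with a number) can be checked before the certificate is created. The following Python check is an added example, not part of the product or its documentation; the function name common_name_problems and the sample base URLs are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit


def common_name_problems(base_url, common_name):
    """Return the reasons a CN is unsuitable for this base URL (empty list = OK)."""
    problems = []
    parts = urlsplit(base_url)
    host = (parts.hostname or "").lower()
    cn = common_name.strip().lower()

    # The procedure switches Identity Server from HTTP to HTTPS first.
    if parts.scheme.lower() != "https":
        problems.append("base URL is not HTTPS")
    if not cn:
        problems.append("common name is empty")
        return problems
    # Rule from the procedure: the CN cannot be an IP address.
    try:
        ipaddress.ip_address(cn.strip("[]"))
        problems.append("common name is an IP address")
    except ValueError:
        pass
    # Rule from the procedure: the CN cannot begin with a number.
    if cn[0].isdigit():
        problems.append("common name begins with a number")
    # Rule from the procedure: the CN must match the base URL domain name.
    if cn != host:
        problems.append(f"common name {cn!r} does not match base URL host {host!r}")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    samples = [
        ("https://idp.example.com:8443/nidp", "idp.example.com"),
        ("https://10.1.1.5:8443/nidp", "10.1.1.5"),
        ("http://idp.example.com:8080/nidp", "login.example.com"),
    ]
    for url, cn in samples:
        print(url, cn, common_name_problems(url, cn) or "OK")
```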