Note: If you elect to use an existing certificate from your own CA, proceed to Step 2 to add the new certificate.
Step 1:
For the Auth Connector service to regenerate the new self-signed certificate, remove the old (expired) self-signed cert from the Auth Connector folder and restart the Auth Connector service.
- Access the Auth Connector server.
- Open Windows Explorer.
- Go to Program Files > Blue Coat Systems > Auth Connector.
- The self-signed certificate is named saml-cert.cer.
- Delete the expired self-signed certificate from the Auth Connector program folder, or rename it (for example, to saml-cert.cer.old).
- Delete the existing certificate from the certificate repository. It can be found here: Windows Certificates (Local Computer) > Personal > Certificates
* The certificate to delete ends with "saml.auth".
- Restart the Auth Connector service, which generates the new, self-signed certificate (named saml-cert.cer). This certificate remains valid for 2 years from this day.
If the certificate is not recreated automatically, set the "CreateCertificate" value in the file "C:\Program Files (x86)\Blue Coat Systems\BCCA\saml.ini" to "1":
CreateCertificate=1
Step 2:
- Open the new self-signed certificate (saml-cert.cer) with a text editor.
- Copy the contents of the certificate, beginning with -----BEGIN CERTIFICATE----- and ending with -----END CERTIFICATE-----.
- Paste into the Portal: Service > Authentication > SAML > Signing Certificate Chains > Add new certificate.
- Click Okay.
Users are now able to authenticate with the new self-signed certificate.
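A check to run on the Auth Connector server after Step 1 and before pasting in Step 2, as an added PowerShell example (not vendor code): it confirms that saml-cert.cer was regenerated, flags leftover store entries, and outputs the PEM block to paste. The default path and the assumption that "saml.auth" appears in the certificate Subject are illustrative; adjust them to your installation.

```powershell
# Added example: verify the regenerated certificate before updating the portal.
param(
    # Assumed location of saml-cert.cer; change to match your server.
    [string]$CertPath = "$env:ProgramFiles\Blue Coat Systems\Auth Connector\saml-cert.cer"
)

if (-not (Test-Path -LiteralPath $CertPath)) {
    throw "No certificate at $CertPath. Restart the service or check CreateCertificate=1 in saml.ini."
}

$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertPath)
$now  = Get-Date

# 1. The file on disk must be the new certificate, not the expired one.
if ($cert.NotAfter -le $now) {
    throw "Certificate in $CertPath expired on $($cert.NotAfter); it was not regenerated."
}
if ($cert.NotBefore -gt $now) {
    Write-Warning "Certificate is not valid until $($cert.NotBefore); check the server clock."
}
"File cert  : $($cert.Subject)"
"Thumbprint : $($cert.Thumbprint)"
"Valid      : $($cert.NotBefore) to $($cert.NotAfter)"

# 2. Report entries in Local Computer > Personal that look like Auth Connector certs.
#    Assumption: the "saml.auth" suffix is part of the Subject.
$storeCerts = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like '*saml.auth*' }
foreach ($c in $storeCerts) {
    if     ($c.NotAfter -le $now)                { $state = 'EXPIRED, still in store' }
    elseif ($c.Thumbprint -eq $cert.Thumbprint)  { $state = 'matches saml-cert.cer' }
    else                                         { $state = 'valid, differs from saml-cert.cer' }
    "Store cert {0} (expires {1}): {2}" -f $c.Thumbprint, $c.NotAfter, $state
}

# 3. Emit exactly the block Step 2 asks for, BEGIN line through END line.
$text  = Get-Content -LiteralPath $CertPath -Raw
$match = [regex]::Match($text, '(?s)-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----')
if ($match.Success) {
    $pem = $match.Value
} else {
    # File is binary (DER): rebuild the PEM text from the parsed certificate.
    $b64 = [Convert]::ToBase64String($cert.RawData, 'InsertLineBreaks')
    $pem = "-----BEGIN CERTIFICATE-----`r`n$b64`r`n-----END CERTIFICATE-----"
}
$pem
```

Comparing the printed thumbprint with the one the portal shows after Step 2 confirms that the certificate pasted is the one the service is actually using.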