Certificate Authorities Overview

Context

In The Identity Hub certificates are used at different levels. Prior to be able to upload and use certificates based on a Private Root and Intermediate Certificate, those root and intermediate certificates need to be known by The Identity Hub.

As of version 1.67.5 the Certificate Authorities Overview page can be used to upload or delete Private Root and Intermediate Certificates.

The overview shows for the current tenant:

  • The currently available Private Root and Intermediate Certificates

Certificates that need your attention, as they are about to expire use the following coloring scheme:

  • yellow: expires within the next 30 (* see note) days
  • orange: expires within the next 15 (* see note) days
  • red: expired

It is possible to sort the certificates on their expiration in order to see the ones that have expired or will expire first at the top of the overview.

Note

Make sure that all certificates in the certificate chain of the certificate you want to use are uploaded to The Identity Hub.

Note

For on premises installations it is possible to configure the initial amount of days to look ahead, the default is 30. This value is divided by 2 to determine the amount of days to look ahead for the orange level.

Note

(Private) Root and Intermediate Certificates which are stored in the Certificate Store are not shown in this overview.

Warning

It can take up to 5 minutes for the changed configuration (uploaded of removed certificates) to take effect.

Warning

When using cerificates based on Private Root and Intermediate Certificates, other parties used by or using The Identity Hub must be able to handle these types of certificates.

  1. In the admin module navigate to the Used Certificates Page of your Tenant.
  2. On the top of the page click Certificate Authorities
Note

Overview is only accessible by Tenant admins.

Upload a certificate?

  1. Navigate to the Certificate Authorities Overview
  2. Click the Upload new certificate link
  3. Click Choose file and select the certificate file (public key)
  4. Click Save

Remove a certificate?

  1. Navigate to the Certificate Authorities Overview
  2. Find the certificate you want to remove
  3. Click the trash icon at the end of the certificate line
  4. Confirm the removal (this cannot be undone other than uploading a new copy of the certificate file)
Warning

If any certificates based on the removed Private Root or Intermediate Certificate are still in use, this will instantly break connections.

What to do when a certificate is about to expire?

You are the owner of the certificate

  1. If this is a certificate that is issued to you, order a new certificate at the issuer of your choice.
  2. Upload the public key of the new certificate to The Identity Hub

An external party is owner of the certificate

  1. If this is a certificate owned by an external party, contact the external party and ask for a new certificate.
  2. Upload the public key of the new certificate to The Identity Hub

Reports

There is a report for exporting the list of Private Root and Intermediate Certificates available in the Tenant.

A cross-tenant report is availble for the Hub Admin.

For more info see Reports

Used Certificates Overview