Forums, Documentation & Knowledge Base - ComponentSpace

SAML - Keyset does not exist on Certificate Manager cert


https://componentspace.com/forums/Topic11473.aspx

By yannis - 3/11/2021

Hi all,

We have been using ComponentSpace in production for a long time. Great software!

We are now at a point where our certificate in production is going to expire soon and we need to replace it with a new one. That certificate is used by a componentspace configuration as follows.

What we did is that we imported the new certificate. At first we got an error that the "*.domain.com certificate already exists" or something. We removed the old certificate and then we got a "Keyset does not exist".

We weren't able to figure it out so we removed the new certificate and imported back the old one which fixed the problem for now but we still need to sort it out as the certificate will expire soon. Any ideas?

"LocalServiceProviderConfiguration": {
  "Name": "someid",
  "Description": "Service1",
  "AssertionConsumerServiceUrl": "https://subdomain.domain.com/login/saml",
  "SingleLogoutServiceUrl": "https://subdomain.domain.com/logout/saml",
  "LocalCertificates": [{
   "SubjectName": "*.domain.com"
  }]
},
"PartnerIdentityProviderConfigurations": [{
  "Name": "https://external.com",
  "Description": "DESC",
  "SignAuthnRequest": true,
  "SignLogoutRequest": true,
  "SignLogoutResponse": true,
  "DisableInResponseToCheck": true,
  "SingleSignOnServiceUrl": "https://external.com",
  "SingleLogoutServiceUrl": "https://external.com",
  "PartnerCertificates": [{
   "FileName": "bootstrapping/subsystems/saml/certificates/CERT.cer"
  }]
}]
}



By ComponentSpace - 3/12/2021

I'm not sure. I suggest taking a look at the old certificate's private key permissions in the Certificates snap-in for comparison.

Let me know how you go. Thanks.
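
The comparison suggested in the reply above can also be done from PowerShell. This is an added example, not part of the original thread and not ComponentSpace code. It assumes the certificates are in the LocalMachine\My store, that the keys are RSA, and that it is run from an elevated prompt; the subject name is the one from the posted configuration.

```powershell
# Added example: list every certificate matching the configured SubjectName
# and show whether its private key can be opened and who may read the key file.
# Assumptions: LocalMachine\My store, RSA keys, elevated prompt.
$SubjectName = '*.domain.com'   # value from the posted configuration

$machineKeyDirs = @(
    "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys",  # legacy CSP key files
    "$env:ProgramData\Microsoft\Crypto\Keys"              # CNG key files
)

Get-ChildItem Cert:\LocalMachine\My |
  Where-Object { $_.GetNameInfo('SimpleName', $false) -eq $SubjectName } |
  ForEach-Object {
    $cert = $_
    $keyFile = $null
    $status = 'no private key attached to this certificate'
    if ($cert.HasPrivateKey) {
        try {
            $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
            if ($null -eq $rsa) {
                $status = 'private key is not RSA'
            } else {
                # The container name is also the key file name on disk.
                if ($rsa -is [System.Security.Cryptography.RSACng]) { $name = $rsa.Key.UniqueName }
                else { $name = $rsa.CspKeyContainerInfo.UniqueKeyContainerName }
                $keyFile = $machineKeyDirs | ForEach-Object { Join-Path $_ $name } |
                           Where-Object { Test-Path $_ } | Select-Object -First 1
                $status = if ($keyFile) { 'key file found' } else { 'key file not in machine key folders' }
            }
        } catch {
            # "Keyset does not exist" surfaces here when the key cannot be opened.
            $status = "cannot open key: $($_.Exception.Message)"
        }
    }
    $acl = if ($keyFile) {
        ((Get-Acl $keyFile).Access |
            ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" }) -join '; '
    }
    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey
        KeyStatus     = $status
        KeyFile       = $keyFile
        KeyFileAccess = $acl
    }
  } | Format-List
```

Run it once with the old certificate installed and once with the new one, then compare the `KeyStatus` and `KeyFileAccess` lines for the account the application runs as.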