Thursday 27 August 2015

Certificate chain, PingFederate/PingAccess

Neither the current version of PingFederate (8.0) nor of PingAccess (3.2) completes the SSL certificate chain automatically, even if you have the intermediate CA certificate installed: the runtime server only sends the chain you actually import.

To fix this you simply need to perform the following steps:

1) Determine which intermediate CA certificate signed the SSL certificate. The Issuer DN shown in the certificate details names it (it must match the Subject DN of the intermediate). Export that intermediate certificate to a file.

2) Check your runtime server certificate and export only the certificate itself (the public part, never the private key) to a file.

3) Combine the exported runtime server certificate with the intermediate CA certificate into a single PKCS#7 bundle. To do this, use the following openssl command:

openssl crl2pkcs7 -nocrl -certfile yourruntimeserversSSLpublickey.crt -certfile publickeyintermediateca.crt -outform PEM -out csr_response.p7

4) Now import the resulting .p7 file for the runtime server certificate. You do this simply by choosing Import CSR response.


5) To test that PingFederate/PingAccess is indeed including the intermediate certificate when negotiating SSL, you may test with the following command, which should show both the server certificate and the intermediate certificate in the response:

openssl s_client -connect yourservername:443 -showcerts
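The whole procedure as one runnable script, added here as an example and not part of the original post: it builds the PKCS#7 "CSR response" with the same crl2pkcs7 command as above, checks that the chosen intermediate really is the issuer of the server certificate (step 1), counts the certificates in the bundle, verifies the chain offline, and wraps the s_client check from step 5 in a function. File names, the hostname sso.example.com and the throwaway root/intermediate/server PKI it generates are assumptions made for the demo only.

```shell
#!/bin/sh
# Added example, not code from the original post. Builds the PKCS#7 bundle the
# "Import CSR response" dialog expects and checks it the way the steps above
# describe. All file names and the throwaway demo PKI are assumptions.
set -eu

# Step 1: Issuer DN of a certificate, with the "issuer=" prefix stripped so it
# compares directly with the Subject DN of a candidate intermediate.
issuer_dn()  { openssl x509 -in "$1" -noout -issuer  | sed 's/^[^=]*= *//'; }
subject_dn() { openssl x509 -in "$1" -noout -subject | sed 's/^[^=]*= *//'; }

# Returns 0 when INTERMEDIATE ($2) is the CA that signed SERVER_CERT ($1).
issuer_matches() { [ "$(issuer_dn "$1")" = "$(subject_dn "$2")" ]; }

# Step 3: wrap the server certificate and the intermediate (public parts only,
# never a private key) in one PKCS#7 file; this is the command from the post.
build_chain() {
    openssl crl2pkcs7 -nocrl -certfile "$1" -certfile "$2" -outform PEM -out "$3"
}

# Number of certificates inside a PKCS#7 bundle (expect 2: leaf + intermediate).
count_certs() {
    openssl pkcs7 -in "$1" -print_certs | grep -c 'BEGIN CERTIFICATE' || true
}

# Offline chain check: does SERVER ($3) chain to ROOT ($1) via INTERMEDIATE ($2)?
verify_chain() { openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null; }

# Step 5: how many certificates a live endpoint sends. Needs network access, so
# the demo below does not call it; after the import expect 2 or more.
served_cert_count() {
    openssl s_client -connect "$1:$2" -servername "$1" -showcerts </dev/null 2>/dev/null \
        | grep -c 'BEGIN CERTIFICATE' || true
}

# Throwaway three-tier PKI (root -> int -> server) so everything runs offline.
# Constructed for this example only; EC keys keep generation fast.
make_demo_pki() {
    d=$1
    mkdir -p "$d"
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' >"$d/ca.ext"
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:sso.example.com\n' >"$d/leaf.ext"
    for n in root int server; do
        openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:P-256 -nodes \
            -keyout "$d/$n.key" -out "$d/$n.csr" -subj "/CN=Demo $n" 2>/dev/null
    done
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 30 \
        -extfile "$d/ca.ext" -out "$d/root.crt" 2>/dev/null
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" -CAcreateserial \
        -days 30 -extfile "$d/ca.ext" -out "$d/int.crt" 2>/dev/null
    openssl x509 -req -in "$d/server.csr" -CA "$d/int.crt" -CAkey "$d/int.key" -CAcreateserial \
        -days 30 -extfile "$d/leaf.ext" -out "$d/server.crt" 2>/dev/null
}

# Steps 1-3 against the demo PKI, plus the offline checks; returns 0 on success.
demo() {
    d=$1
    make_demo_pki "$d"
    issuer_matches "$d/server.crt" "$d/int.crt" || { echo "wrong intermediate"; return 1; }
    build_chain "$d/server.crt" "$d/int.crt" "$d/csr_response.p7"
    verify_chain "$d/root.crt" "$d/int.crt" "$d/server.crt" || { echo "chain does not verify"; return 1; }
    n=$(count_certs "$d/csr_response.p7")
    echo "csr_response.p7 holds $n certificates; leaf issuer = $(issuer_dn "$d/server.crt")"
    [ "$n" -eq 2 ]
}

demo "${1:-$(mktemp -d)}"
```

Run it with a directory argument to keep the generated files and inspect csr_response.p7; on a real deployment you would skip make_demo_pki, point build_chain at the exported certificates from steps 1 and 2, and call served_cert_count against the runtime server once the import is done.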
