Signing certificates
Ivanti Access uses standard PKI to sign authentication requests and assertions used for federation. A default signing certificate is created for every Access instance. If you do not want to use the default certificate, you can generate a new signing certificate in the Ivanti Access administrative portal or add a PKCS 12 file containing a certificate and private key to use for signing federation messages.
•Adding a signing certificate in Ivanti Access
•Generating a signing certificate in Ivanti Access
SSL certificates should not be used in lieu of the signing certificate. This use case is not supported.
You can use the same signing certificate for the SP as well as the IdP.
Adding a signing certificate in Ivanti Access
The following provides the steps for adding a signing certificate in Access.
Before you begin
•Ensure that you have a PKCS 12 format file (.PFX or .P12) that contains your signing certificate and corresponding private key.
Procedure
| 1. | In the service provider or identity provider configuration, click Advanced Options. |
| 2. | Click Add a new certificate. |
| 3. | Enter the following information: |
|
Item |
Description |
|
Certificate Name |
Enter an identifying name for the signing certificate. |
|
Certificate Password |
Enter the password for the signing certificate. |
|
Choose File |
Click to navigate to the location of the certificate or drag and drop the certificate to this location. |
| 4. | Click Add Signing Certificate to add the signing certificates. |
The certificate is available to select from the Signing Certificate drop-down list.
The certificate is also listed in the Access Certificates tab.
Generating a signing certificate in Ivanti Access
The following provides the steps for generating a signing certificate in Ivanti Access.
Procedure
| 1. | In the service provider or identity provider configuration, click Advanced Options. |
| 2. | Click Generate certificate to generate and add the signing certificate. |
| 3. | For Certificate Name, enter a name to identify the signing certificate. |
| 4. | Click Generate Signing Certificate. |
The Certificate Name displays in the Signing Certificate drop-down list.
The certificate is also listed in the Access Certificates tab.