If you have set up SSO with OnBrand, you may require new certificates whenever the existing ones are about to expire. This article explains how to request the certificates for the OnBrand portal, as well as the steps that need to be carried out to ensure they are properly updated in your production environment.
In order to request the updated certificates, you will need to open a ticket with Support, who will liaise directly with the Infrastructures Team, in charge of handling security certificates. Please make sure to include the following in your request:
- The date on which the certificates are set to expire. This will ensure that your request is attended in a timely manner.
- Any additional information about the certificate in question such as the URL endpoints, identifiers, etc., especially if you have several brand dashboards using separate certificates.
As certificates are handled by SaaS, you will need to create a SaaS Request in the PLNP project on Jira. Make sure to include all the details provided by the customer. Please refer to the Unify/OnBrand Routing Table for more information on how to escalate a ticket to SaaS.
Once the SaaS team gets back to you with the .crt files, they will request that you let them know when the customer has updated the certificates, so that they may update the certificate on our side.
Provide these files to the customer and inform them that we will be awaiting confirmation from them, so that we may update the certificates accordingly on our end.
Once our agents get back to you, they will provide you with the requested certificate. Note that a chain certificate will also be provided, which is not required by all customers (see What is the SSL Certificate Chain? for more information).
Once you have been able to update the existing certificates, please let us know on the ticket. This is important, as the Infrastructures Team will also need to update these certificates on our end.
Once the certificates have been correctly updated, you should continue to be able to use the SSO functionality securely, and all warnings about certificate expiry should disappear.