Replacing an existing certificate for token signing
To replace a token signer certificate, perform the following steps:
- Make sure that the running nevisAuth server is able to work with the old certificate (for example by renaming it or by providing the new certificate at a different location).
- Distribute the new signer certificate (that is, the public key) to all applications that are verifying the security token. Add the signer certificate and make sure the application reads it (an application restart may be necessary). For details about integration tasks and configuration settings, refer to the corresponding component documentation.
- Replace the signer certificate on the nevisAuth server and restart it.
- Remove the old public key from all applications.