secadm ssoconfig managecert - Security Administration: Lsauthensso certificate

The lsauthensso certificate is a self-signed certificate used to secure and encrypt connections between the Landmark security server, which is Lase, and a security client. These security clients include servers, command line executables, and distributed SSO applications. The lsauthensso certificate is stored in two key stores, .ssokeystore and .ssotruststore, and has a validity period of 10 years. You must renew this certificate upon expiry to maintain secure communications.

The secadm ssoconfig managecert command enables you to list, create, delete, renew, and backup the lsauthensso, and is developed to automatically renew expiring lsauthensso certificates.

You can use these secadm ssoconfig managecert commands to manage lsauthensso certificate:

  • secadm ssoconfig managecert lsauthensso renew
  • secadm ssoconfig managecert ssokeystore list
  • secadm ssoconfig managecert lsauthensso listssokeystore
  • secadm ssoconfig managecert ssotruststore list
  • secadm ssoconfig managecert lsauthensso listssotruststore
  • secadm ssoconfig managecert lsauthensso create
  • secadm ssoconfig managecert lsauthensso delete
  • secadmssoconfig managecert ssostore backup
Note: Before renewing the lsauthensso certificate, we recommend to shut down the environment first, run the authen.dat command, and backup the authen.dat, .ssokeystore, and .ssotruststore files.

This table shows the secadm ssoconfig managecert parameters and their functions:

Parameter Description
lsauthensso renew Renews the lsauthensso certificate for another 10 years.
ssokeystore list Lists the content details of the .ssokeystore and verifies the certificate expiration dates and duration.
lsauthensso listssokeystore Lists the lsauthensso certificate details in the .ssokeystore.
ssotruststore list Lists the content details of the .ssotruststore and verifies the certificate expiration dates and duration.
lsauthensso listssotruststore Lists the lsauthensso certificate details in the .ssotruststore.
lsauthensso create Creates the lsauthensso certificate in the .ssokeystore if the certificate does not exist. The certificate is valid for 10 years and the .sso store is backed up before certificate creation.
lsauthensso delete Deletes the lsauthensso certificate if the certificate exists in the .ssokeystore.
ssostore backup Creates a backup of the .ssokeystore. The backup is in the same directory as the existing .ssokeystore.