Recommendations for Rhythm SSL Certificate Management

Use these guidelines to manage Rhythm SSL certificates:
  • Ensure to upload the certificates in this sequence: Leaf, Intermediate, Root.
  • To view or update the certificate of a specific site, sign in to that site, and access Rhythm SSL Certificate Management.
  • If you upload a wildcard certificate and create a new virtual host, Rhythm SSL Certificate Management does not show a certificate. By default, the wildcard certificate is used. To reflect that, upload the wildcard certificate in the new virtual host that you created.
  • If a certificate specific to a site is uploaded and you upload a valid wildcard certificate to replace it, Rhythm SSL Certificate Management accepts and shows the wildcard certificate. By default, the site-specific certificate has the highest priority. To reflect that, upload and retain the site-specific certificate.
  • To configure when the Expiring Soon badge will show, set the SSL Expiration Notification value in System Settings > Rhythm Platform > Rhythm SSL. The system rounds down expiration values to the nearest whole number. Any value greater than a whole number but less than the next whole number is treated as that whole number. For example, if you upload a certificate that will expire in 5 months and 20 days, the confirmation modal will indicate that the certificate is expiring in 5 months.

  • If you have External SSO configured and you updated the SSL certificate of your site, you also need to upload the latest Service Provider (SP) metadata to your ADFS IDP server. Download the SP metadata.xml of Rhythm Portal through the URL: https://<Portal Instance URL>/o/rhythm-sso-portlet/saml/metadata. Add the SP metadata.xml in ADFS.