We have no Support, and our SBM 11.8 certificates expire 12/25. What will happen upon expiration?

We don't use SSL.  I intend to change PVCS so it doesn't use SBM certificates for logon, so those certificates won't matter.

Conceivably there would develop incompatibility with servers, Oracle or other components before 12/25, but if not, just wondering if there's a consequence from expiring certificates.

  • 0  

    Hey  

    I assume you are looking at the Configurator to see the expiring certificates. Which screen is it on? Most likely, you need to do something before they expire, but the steps will differ depending on which certificate is expiring.

    Vickie

  • 0 in reply to   

    Hey Vickie,

    It's the Security screen > Component > STS, Federation Server, SSO Gatekeeper

    We use certificates for integration with PVCS, but I expect to change PVCS to LDAP login and abandon the certificates and association at some point.

    Our authentication is:

  • Verified Answer

    +1   in reply to 

    This certificate will cause SBM to go down and stop working. Even if you were not using SSO sessions, SBM itself still uses SSO under the cover. You will need to follow these steps: Serena Knowledgebase - SBM 10.1.1.4+ and SBM 11.x: How to generate new signed certificate trust keys for SBM and copy them to additional servers as needed (Generating SSO certificates)

    Because you are also using PVCS, be sure to follow the link at the bottom for Version Manager and follow those steps too. I'm sure you will recognize the steps. There are a lot and they look intimidating, but just take them one at a time.

    Vickie

  • 0 in reply to   

    Thank you, Vickie.  Regarding PVCS, after the last SBM active item is closed (that may be months away), I anticipate that I or my successor will turn off required association with SBM, and uncheck SBM SSO as the PVCS authentication method.  Instead, I'll use LDAP.  When that is done, I figure I would need to uncheck the Configurator PVCS VM certificate settings.  The SBM and PVCS VM certificates expire 12/3 and 12/4 2025, respectively.  I can leave instructions for generating new keys, or do it before I retire, slated for June 21.  It would appear that the certificates last 5 years; if that is correct and I do it now, they'll expire in 2029.  I'm looking into how long 11.8 can function with Oracle, server and OS/OS component upgrades.  Incidentally, while looking around the Configurator, I noticed that the PVCS server is unchecked on the Authentication > SSO Protected Hosts page.  Could that be why, in spite of the PVCS authentication using SBM SSO, users must log into PVCS every time?

  • 0 in reply to 

    According to PVCS Support, checking the checkbox for the PVCS server on the SSO Protected Hosts page is not needed, if the PVCS Web Client is working (it is).

  • 0

    In a kb article on certificates, I saw mentioned extending certificates, seemingly as an alternative to creating new ones.  Ours expire December 2025.  If I create new ones this week, they should expire in 2029.  Is there such a thing as extending the existing certificates, and if so, would there be any benefit from extending the existing certificates rather than generating new ones?  I noticed that the article said that the PVCS certificate import is slightly different for extended existing certificates than for new ones, but that's not an advantage.

  • 0   in reply to 

    I haven't seen anything about extending a certificate. I would request new certificates and follow the steps from the KB above to install them in SBM and copy to PVCS. It looks like you have over a year to get it done, which is nice. At least you don't have to rush . Slight smile