Does updating the x509 with a different "issued to" certificate name keep the alias and all existing partnerships in place?

Document ID : KB000012360
Last Modified Date : 14/02/2018
Show Technical Document Details
Question:

Does updating the x509 with a different "issued to" certificate name keep the alias and all existing partnerships in place when using Ca Sso Federation ?

Environment:
Ca single sign on 12.6 (Siteminder)
Answer:

This functionality exists using secondary verification certificates which exists in our New 12.6 Ca Single Sign On  Version (Siteminder).  

Only the 12.6 version can configure a secondary verification certificate alias at the IdP and SP to verify the signatures on messages.

A remote entity can issue a new verification certificate any time.  A sentence to best answer the particular question above is the following 

Specifying a secondary verification certificate eliminates the need to coordinate system-wide updates of signing and verification certificates simultaneously.

 

This information above is based on the link below in  Additional Information

 

 

Additional Information:

 

For Additional Information use the following link

https://docops.ca.com/ca-single-sign-on/12-6/EN/release-notes/new-features/federation-new-features