Configure a custom certificate for SSO in Collibra Console

If you configure single sign-on for accessing Collibra Console, a default certificate is used. You can use this certificate for signing SAML authn requests.

Instead of the default certificate, you can use your own certificate. However, keep in mind that you can only configure SSO with your own certificate via a REST API call.

Prerequisites

The certificate must meet the following requirements:
- The certificate must be in PEM format.
- The PEM file must be unencrypted (no password).
- The PEM file must contain the server certificate the private key of that certificate.
Tip To convert a key to a PEM key: openssl rsa -in <pem-key>.key -out <rsa-key>.pem
Example PEM file:

-----BEGIN PRIVATE KEY----- MIIEvgIBADA ... bml6YXRpb252YWxza .... z3P668YfhUbKdRF6S42Cg6zn -----END PRIVATE KEY----- # Your certificate -----BEGIN CERTIFICATE----- MIIFaDCCBFC ... bml6YXRpb252YWxza ... lffygD5IymCSuuDim4qB/9bh7oi37heJ4ObpBIzroPUOthbG4gv/5blW3Dc= -----END CERTIFICATE-----
A base64 encoding hash of an API user.
Tip You can calculate the base64 hash of the user as follows: echo '<username>:<password>' | base64, for example echo 'apiUser:apiUserpassword' | base64 results in YXBpVXNlcjphcGlVc2VycGFzc3dvcmQK

Steps

curl --location --request POST \
  https://<your-collibra-console-url>/rest/samlconsole/certificate \
  --header 'Authorization: Basic <base-64 encoding hash>' 
  --form 'file=@"/path/to/pem-file"'