Hi Hugo,

A “Server Certificate”, so a certificate that allows HTTPS (often referred to as SSL or TLS and includes Digital Signature) is the only one you truly need on Tridion Docs 15. 

However, if you still use the deprecated built-in WS-Federation/WS-Trust secure token service (ISHSTS) and deprecated WcfSoapWithWsTrust (ISHWS/Wcf) on Tridion Docs 15 then you might in the past selected the “Server Application Process Certificate” (in the end also Digital Signature) depending on your company security standards on Windows Communication Foundation usage. Although here I would suggest to simplify by either reusing the “Server Certificate” for these cases or preferably migrate your custom code away from deprecated WcfSoapWithWsTrust.

As background for your question, we elaborated on this over the angle of certificate rollover, see https://docs.rws.com/en-US/tridion-docs-main-documentation-1165616/new-and-changed-in-version-15-1-3-1266341 and https://docs.rws.com/en-US/tridion-docs-main-documentation-1165616/new-and-changed-in-version-15.2.1-1266583

• Certificate rollover is only required for the deprecated built-in WS-Federation/WS-Trust secure token service (ISHSTS) and deprecated WcfSoapWithWsTrust (ISHWS/Wcf). It is no longer required for WcfSoapWithOpenIdConnect (ISHWS/OWcf). As a result, the certificate thumbnail used in WcfSoapWithOpenIdConnect (ISHWS/OWcf) can be removed from the file Websites\InfoShareWS\OWcf\Web.config (where it is configured in the form of a serviceCertificate element). Applying the 15.2.1 update removes the serviceCertificate element. Note that this fix requires you to have upgraded ISHDeploy to version 3.1.6.

Depending on which Tridion Docs Update version, like 15.1.3 or 15.2.2, you used the Windows application server ISHDeploy PowerShell library. Starting from ISHDeploy 3.1.6 when executing the Set-ISHAPIWCFServiceCertificate would simply remove the usage.

Best wishes,
Dave

Hi Hugo,

A “Server Certificate”, so a certificate that allows HTTPS (often referred to as SSL or TLS and includes Digital Signature) is the only one you truly need on Tridion Docs 15. 

However, if you still use the deprecated built-in WS-Federation/WS-Trust secure token service (ISHSTS) and deprecated WcfSoapWithWsTrust (ISHWS/Wcf) on Tridion Docs 15 then you might in the past selected the “Server Application Process Certificate” (in the end also Digital Signature) depending on your company security standards on Windows Communication Foundation usage. Although here I would suggest to simplify by either reusing the “Server Certificate” for these cases or preferably migrate your custom code away from deprecated WcfSoapWithWsTrust.

As background for your question, we elaborated on this over the angle of certificate rollover, see https://docs.rws.com/en-US/tridion-docs-main-documentation-1165616/new-and-changed-in-version-15-1-3-1266341 and https://docs.rws.com/en-US/tridion-docs-main-documentation-1165616/new-and-changed-in-version-15.2.1-1266583

• Certificate rollover is only required for the deprecated built-in WS-Federation/WS-Trust secure token service (ISHSTS) and deprecated WcfSoapWithWsTrust (ISHWS/Wcf). It is no longer required for WcfSoapWithOpenIdConnect (ISHWS/OWcf). As a result, the certificate thumbnail used in WcfSoapWithOpenIdConnect (ISHWS/OWcf) can be removed from the file Websites\InfoShareWS\OWcf\Web.config (where it is configured in the form of a serviceCertificate element). Applying the 15.2.1 update removes the serviceCertificate element. Note that this fix requires you to have upgraded ISHDeploy to version 3.1.6.

Depending on which Tridion Docs Update version, like 15.1.3 or 15.2.2, you used the Windows application server ISHDeploy PowerShell library. Starting from ISHDeploy 3.1.6 when executing the Set-ISHAPIWCFServiceCertificate would simply remove the usage.

Best wishes,
Dave