Signing Certificate Rotation Issues


Background

On November 16th, 9 AM EST, Bentley IMS team conducted planned maintenance which resulted in the yearly rotation of our signing certificate.

Signing certificates have two primary parts - public and private keys. IMS issues tokens and certain responses signed with the private key. Receiving applications can use the public key broadcast in our metadata to validate that the responses and tokens received actually came from IMS signed by the private key IMS maintains. From the point of rotation, all tokens and responses from IMS are issued tokens using the new private key and applications should start to validate tokens using the new public key.

 

Issue

The latest version of CONNECTION Client resulted in the application continuing to maintain the token signed by the previous signing cert. This resulted in applications failing to receive a token from the CONNECTION Client for their own application to use, resulting in authentication failures in those applications. 

 

Resolution

For users which still face issues with their Bentley applications, the user needs to clear the tokens that the CONNECTION Client is currently holding onto. This can be done in most circumstances by simply signing out and back into CONNECTION Client with the following steps:

 

  1. Close all Bentley applications such as ProjectWise or MicroStation
  2. Open the CONNECTION Client
  3. Click your initials in the top right corner
  4. Click "Sign Out"
  5. Sign back into the CONNECTION Client
  6. Reopen your Bentley application and try to sign in again

 

While this should resolve most if not all authentication problems resulting from this, if your issue continues, please provide both the Bentley CONNECTION Client logs and the Fiddler trace in a support case to Bentley's support team. You can submit a service case here - https://bentleysystems.service-now.com/csp

 

Please provide both the Bentley logs collected and the Fiddler trace in a ticket to Bentley's support team. Refer to the following WIKI's

How to collect logs

https://bentleysystems.service-now.com/community?id=kb_article&sysparm_article=KB0018715

 

Performing a Fiddler trace

https://bentleysystems.service-now.com/community?id=kb_article_view&sysparm_article=KB0019418

Once Fiddler is downloaded and capturing traffic, repeat steps 1-6 to reproduce the issue for the Fiddler capture.

 

We appreciate your patience and cooperation.