Once the contents of the certificate bundle .zip file have been extracted, create a .pfx file consisting of the new certificate and its corresponding private key. For example, using the openssl utility:
Configure the RSA SecurID Access IWA connector to use the new .pfx file for signing identity assertions:
On the IWA server, click Start > Configure RSA SecurID Access IWA Connector.
Set the Issuer Signing Certificate to point to the new PFX file path. For example: C:\inetpub\wwwroot\RSASecurIDAccessIWAConnector\config\IWASAML.pfx. Alternatively, backup the existing IWA .pfx file being replaced and then copy the new .pfx file into same/existing IWA .pfx file path.
Configure the IDRs to use the new IWA certificate for identity assertion verifications:
In the Administration Console menu, select Users > Identity Providers.
Edit the IWA identity provider as in step 1 above.
At the bottom of the Connection Profile tab, use the Select File button to load the new cert.pem IWA SAML certificate.
Finish the wizard and then publish the changes.
Verify that users can access the RSA SecurID Access application portal using IWA as before.