Skip to main content


Update an expired application certificate


Do not remove the old certificate until you have completed these steps.

  1. Generate a self-signed certificate, using the appropriate settings for the application (SP).

  2. For the relevant application, Edit an application.

  3. Go to the Configuration tab.

  4. In the X509 Certificate field, select the new certificate you generated in step (1).

  5. Click Save.

  6. For the old certificate, Remove a certificate.

  7. Optional: If the application's Encrypt Assertion toggle is enabled, you may also need to repeat steps (1) - (6) for the X509 Encryption Certificate.

  8. Retrieve the application's metadata file (which contains the X509 certificate's signature) and provide it to the SP.

    1. For the relevant application, Edit an application.

    2. Click Download Metadata.

    3. Provide the downloaded XML file to the SP.