Introduction

Certificates allow HelloID to communicate securely with applications (service providers) and identity providers. Within HelloID, you may create new certificates or import your own. Navigate to Settings > Certificates to get started.

Create a New Self-Signed Certificate

Self-signed certificates created in HelloID provide a fast and easy way to establish secure communication between HelloID and a service or identity provider.

All self-signed certificates have a lifetime of two years.

1. On the Certificates overview, select the Create Self-signed certificate button.
   
2. In the following form, enter information about the new certificate and your organization.
   • Name of Certificate
     The name of the Certificate displayed in the Certificate List. We recommend putting the current date in the name so that you know at-a-glance when the certificate was created.
   • Country Name
     Select the country where your organization is legally located.
   • Locality Name
     The city where your organization is legally located.
   • State or Province Name
     The State or province where your organization is legally located.
   • Organization Unit Name
     Section of the organization, such as the department (optional).
   • Organization Name
     The exact legal name of your organization.
   • Email Address
     The email address used to contact your organization.
   • Common Name (domain)
     Enter the URL of your organization's HelloID portal (e.g., enyoi.helloid.com).
   
3. Select the Save button to create your new certificate.

Import a Certificate

If you have a certificate that you would like to use, you may upload it to HelloID.

1. On the Certificates overview, select the Import certificate button.
   
2. Enter a name for the certificate. Provide a descriptive name that identifies the purpose of the certificate.
   
3. Choose to either Paste or Upload the X.509 certificate. In this example, we will be uploading a certificate file.
   
4. If the certificate has uploaded correctly, it appears in the Certificate text box. Select the Save button to finish the import.
   

Export a Certificate

1. In the Certificates overview, select the Details link of the certificate you want to export.
   
2. In the Download certificate section, choose the format you wish to download and select the Download button. Two formats are available for download:

• .CER: The X.509 certificate that contains only the public key.
• .PFX: PKCS#12 archive containing the X.509 certificate and private key with optional password protection.

Delete a Certificate

1. In the Certificates overview, select the Delete link of the certificate you want to delete.
   
2. Select the Delete button to confirm.
   

View active certificates and expiration dates

To view a list of certificates currently being used, select the Show certificate usage in applications button in Settings > Certificates.

This page lists certificates (and their expiration dates) which are currently being used for:

• Identity Providers (IdPs)
• Applications (Service Providers)
• The HelloID portal's own certificate—but only if you're using a custom URL. If you're using the standard https://<customer>.helloid.com domain, then HelloID provides and renews the certificate for you.

Expired certificates are displayed in red text. Note that it may take up to 24 hours for data on this page to be populated or refreshed.

Learn how to update an expired IdP certificate, or update an expired application certificate.

Expiration Email Notifications

You will receive repeated notification emails when a certificate is about to expire. HelloID sends an email:

• 4 weeks before the expiration date
• 2 weeks before the expiration date
• 1 week before the expiration date
• Every day of the week before the expiration date
• On the expiration date
• Every day after the expiration date, until the certificate is renewed

These emails are sent to the address which Tools4ever has on internal file for your organization's portal. Contact HelloID support if you need to change this email address.

Notifications are sent for all certificates displayed on the Show certificate usage in applications page. To disable notifications for a specific certificate, turn off its Notification toggle.

Certificate expiration warnings are also reported through HelloID's incidents system. These incidents are always reported and aren't tied to the Notification toggles in this section. (If you have email notifications enabled for incidents, you will receive duplicate email notifications for expiring certificates.)

Next: Logging >>