Impacts of Expiring Okta.com TLS Certificate
Mar 3, 2026
Administration
Okta Classic Engine
Okta Identity Engine
Custom URL Domains
Overview
This article describes how to determine if an organization is affected by the expiring Transport Layer Security (TLS) certificate for Okta.com. It addresses the notification regarding the upcoming certificate expiration and provides guidance on assessing potential impact.
Applies To
- TLS
- Certificate
Solution
The new Okta TLS certificate relies on a valid DigiCert Global Root Certificate Authority (CA) certificate. This is a common certificate that is typically present and updated in trusted certificate stores.
- Consult with the Information Technology (IT) Network Administration team to confirm the DigiCert Global Root CA certificate is present and has not expired.
- Identify custom applications that access Okta and utilize independent key stores.
- Ensure the certificate is in place within those specific application key stores.
- Coordinate with application developers to verify these requirements are met.
NOTE: This change does not impact the self-signed certificate used by Okta Security Assertion Markup Language (SAML) application integrations.
