<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
How to Replace a Service Provider Signing Certificate in Okta
Sep 15, 2025
Single Sign-On
Okta Classic Engine
Okta Identity Engine
Overview

This article explains the step-by-step process for replacing a signing certificate in the Okta Admin Console Session for Custom Security Assertion Markup Language (SAML) applications. It guides the user through selecting the application, navigating to the SAML Settings, and uploading the new certificate.

Applies To
  • Custom Security Assertion Markup Language (SAML) apps with an SP Signing Certificate
  • Single Sign-On (SSO)
Solution

The following video shows how to replace a service provider signing certificate in Okta.


 

  1. In the Okta Admin Console Session, click Applications.
  2. Select the application intended for certificate replacement.
  3. Select the General tab.
  4. Scroll to SAML Settings and click Edit.
  5. Click Next, then click Show Advanced Settings.
  6. Find the Signature Certificate file name.

Signature Certificate

  1. Click on Browse files....
  2. Select the .crt file to upload and click Upload Certificate.
  3. Click Next.
  4. Click Finish.
 

Recommended content

Still looking for help?
Loading
How to Replace a Service Provider Signing Certificate in Okta