<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
How to Update Certificate Chain for an Existing Smart Card IDP
Jan 20, 2026
Okta Classic Engine
Okta Identity Engine
Multi-Factor Authentication
Overview

This article outlines the steps needed to update a Smart Card IDP with a new certificate chain using the certificate chain builder.

Applies To
  • Updating an existing Smart Card IDP requires building a new certificate chain to replace one nearing expiration.
  • Multi-Factor Authentication (MFA)
Solution
  1. Navigate to Security > Identity Providers.
  2. The configuration settings are accessed by finding the IDP and choosing Actions > Configure Identity Provider.
  3. Before clicking Reset certificate chain, make sure to click Edit at the top right.
  4. Click Reset Certificate Chain.
  5. Add each certificate in the chain using the Browse option.
  6. Select all certificates and click Build Certificate Chain.
    1. This should say "Certificate chain successfully built" and not result in any errors if the certificate chain is valid.
  7. To save the changes, click "Update Identity Provider" at the bottom of the page to submit.

Recommended content

Still looking for help?
Loading
How to Update Certificate Chain for an Existing Smart Card IDP