<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008G7VRDSA3Okta Classic EngineOkta Integration NetworkAnswered2025-06-14T10:29:51.000Z2018-03-27T20:07:24.000Z2018-03-27T20:07:24.000Z

wllqx (wllqx) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:20 AM
Changing 509 certificates
We have a vendor who uses QlikView to host some of our reports.  We need to create a new Okta App per dashboard.  So when we authenticate there is a gateway and we have been using the same 509 cetificate for many months.  

 

The 509 certificate has changed in our Org and now we have to create a new gateway when we create new reports.    

 

We want to avoid having multiple gateways.  Is there a way to update a 509 certificate on old apps?   How often to 509 certificates change in the Okta app (is it when a new version is pushed or on a time scale)?
  • 1 answer
  • 1.51K views

  • JP Manansala (Okta, Inc.)

    Hi John,

     

    Thanks for posting your inquiry in Okta Community portal.

     

    The default certificate generated for all SAML App instances is an X.509 certificate with a SHA1 or SHA256 based signature. SHA1 is insecure and has been deprecated in favour of the stronger SHA256 family. Customers have also been requesting the ability to generate SHA256 signed certificates for their app instances. Below is a link on how you can update your SHA1 to SHA256 or rollover from SHA256 to SHA1. The current work covers only updating the certificate for SAML 2.0 apps, not SAML 1.1 apps. Also, this would NOT involve changing the default Org certificate that is generated when an org is created.

     

    There is no specific lifecycle for the SAML certificate unless the Service Providers (ISV) is requiring to have the latest SAML cert which we can update and deploy on a scheduled time. Okta will provide advance warning on this kind of maintenance.

     

    https://developer.okta.com/docs/how-to/updating_saml_cert

     

    Best,

     

    JPM
    Expand Post
This question is closed.
Loading
Changing 509 certificates