Certificate renewal
If you received and email like the following one, that means the certificate used by some applications will expired soon or has already expired:
You receive this message because you are a Trustelem administrator for -Trustelem subscription-.
The following applications are federated using the certificate -Name of the certificate- that has expired on 2021-12-18 at 14:14.
• MyApp 1
• MyApp 2
It is recommended that you reconfigure those applications as soon as possible to use a more recent certificate to avoid any service outage.
The applications might refuse the authentication if the certificate used has expired, so it is important to fix this situation.
Generate a new certificate
Go to your Trustelem admin page, then Security settings, then Application certificates and click on +Create.
Change the applications certificate
OpenID Connect applications
- On Trustelem, edit the app
- Change the certificate to the new one
- Verify if the authentication works
Note: with OpenID Connect, you shouldn' have to change the certificate in the application directly. But in some rare cases it might happen. So if the authentication isn't working, get back to the old certificate on the Trustelem application, then go to the application and verify if the certificate is provided in the setup.
SAML applications
- On Trustelem, edit the app
- Change the certificate to the new one
- On the application, change the certificate use in the SAML setup to the new one
- it is not necessary if the certificate is recovered using the Trustelem metadata URL
- the application can ask to upload the new Trustelem metadata file instead
- Verify if the authentication works
Note: the applications rarely use the URL for the certificate. So you will probably have to change the certificate or the metadata manually. The consequence will be a short indisponibility between the change on Trustelem and the change on the application.
For O365
Office doesn't have a web interface to change the certificate : you will need Powershell.