Certificate renewal If you received and email like the following one, that means the certificate used by some applications will expired soon or has already expired: You receive this message because you are a Trustelem administrator for -Trustelem subscription-. The following applications are federated using the certificate -Name of the certificate- that has expired on 2021-12-18 at 14:14. • MyApp 1 • MyApp 2 It is recommended that you reconfigure those applications as soon as possible to use a more recent certificate to avoid any service outage. The applications might refuse the authentication if the certificate used has expired, so it is important to fix this situation. Generate a new certificate Go to your Trustelem admin page, then Security settings, then Application certificates and click on +Create. Change the applications certificate OpenID Connect applications On Trustelem, edit the app Change the certificate to the new one Verify if the authentication works Note: with OpenID Connect, you shouldn' have to change the certificate in the application directly. But in some rare cases it might happen. So if the authentication isn't working, get back to the old certificate on the Trustelem application, then go to the application and verify if the certificate is provided in the setup. SAML applications On Trustelem, edit the app Change the certificate to the new one On the application, change the certificate use in the SAML setup to the new one it is not necessary if the certificate is recovered using the Trustelem metadata URL the application can ask to upload the new Trustelem metadata file instead Verify if the authentication works Note: the applications rarely use the URL for the certificate. So you will probably have to change the certificate or the metadata manually. The consequence will be a short indisponibility between the change on Trustelem and the change on the application. For O365 Office doesn't have a web interface to change the certificate : you will need Powershell. On Trustelem, edit the O365 app Change the certificate to the new one Open the documentation and copy $cert = ... Start Powershell and run the following lines