When your self-signed SAML signing certificate expires, you must regenerate the signing certificate in the Workspace ONE Access console and reconfigure all SAML service provider and identity provider configurations with the updated SAML metadata files.
Take a snapshot of your Workspace ONE Access virtual appliance, connectors, and database before you update the SAML metadata.
- In the Workspace ONE Access console page, select .
- To confirm that the certificate has expired, open the Service Provider metadata file and the Identity Provider metadata file to see the validUntil date.
- To create a new self-signed certificate, in the Signing Certificate section on the SAML Metadata page, click REGENERATE.
The self-signed certificate is regenerated and the Service Provider and Identity Provider metadata is updated. Open the files to view the updated validUntil date.
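The validUntil check and the result of REGENERATE can also be confirmed from saved copies of the metadata files. The following Python is an added example, not VMware code; it assumes you saved the metadata XML before and after regenerating, and the sample metadata in it is constructed, with placeholder bytes standing in for a certificate.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

def parse_metadata(xml_text):
    """Return (earliest validUntil as UTC datetime or None, signing-cert SHA-256 set)."""
    root = ET.fromstring(xml_text)
    # Assumes UTC xs:dateTime ("...Z"), as SAML requires; fractional seconds are dropped.
    dates = [datetime.strptime(v[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
             for v in (el.get("validUntil") for el in root.iter()) if v]
    prints = set()
    for kd in root.iter("{%s}KeyDescriptor" % MD):
        if kd.get("use", "signing") != "signing":  # no "use" means signing and encryption
            continue
        for cert in kd.iter("{%s}X509Certificate" % DS):
            der = base64.b64decode("".join((cert.text or "").split()))
            if der:
                prints.add(hashlib.sha256(der).hexdigest())
    return (min(dates) if dates else None), prints

def check_regeneration(old_xml, new_xml, now=None):
    """Compare metadata saved before and after REGENERATE."""
    now = now or datetime.now(timezone.utc)
    old_until, old_fp = parse_metadata(old_xml)
    new_until, new_fp = parse_metadata(new_xml)
    return {
        "old_expired": old_until is not None and old_until <= now,
        "new_valid": new_until is not None and new_until > now,
        "cert_rotated": bool(new_fp) and old_fp.isdisjoint(new_fp),
    }

def sample_metadata(valid_until, cert_bytes):
    """Constructed stand-in for a saved metadata file (placeholder bytes, not a real cert)."""
    b64 = base64.b64encode(cert_bytes).decode()
    return (f'<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}" '
            f'entityID="https://idp.example.test/metadata" validUntil="{valid_until}">'
            f'<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
            f'<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{b64}'
            f'</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
            f'</md:IDPSSODescriptor></md:EntityDescriptor>')

if __name__ == "__main__":
    old = sample_metadata("2020-01-01T00:00:00.000Z", b"constructed-old-cert")
    new = sample_metadata("2034-01-01T00:00:00.000Z", b"constructed-new-cert")
    print(check_regeneration(old, new))
```

The fingerprints returned by parse_metadata for the new file are the values a partner administrator can compare against the certificate they import, so a stale metadata copy is caught before sign-in fails.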
What to do next
Make the SAML metadata available to the third-party identity provider instances. In the SAML Metadata page, copy and save the service provider and identity provider metadata files. Reconfigure your SAML service provider and identity provider configuration with the updated SAML metadata files.
Note: If you use an external signed CA certificate that expired, create a new Certificate Signing Request in the Workspace ONE Access service.