Skip to content

Renew a Client CertificateΒΆ

Entra Client certificates have an expiry time of one year.

The expiry time of the current certificate for a given tenant can always be seen in the Identity Providers tab in your Connect Organisation.

We recommend renewing certificates a short time before they expire, otherwise communication with Entra will fail.

Entra supports the use of multiple certificates, and Connect always uses the latest one that has been made active for authentication.

To generate a new certificate:

  1. In the Connect Control Service, browse to the Organisation that will use the Entra tenant.
  2. Open the Identity Providers tab.
  3. Find the relevant tenant in the list, and select the "Edit Tenant" button.

    Edit Tenant

  4. Select "Renew Certificate".

    Renew Certificate

    An updated expiration date will be displayed. You may wish to make a note of this.

  5. Select "Download Certificate" to retrieve the certificate - this will download with a filename of [organisation-code]-[tenant-name]-idp-cert.pem.


    You will not be able to download the certificate again after this step.

    Download Renewed Certificate

  6. You will be prompted to upload the certificate to your Microsoft Entra ID tenant.


    Do not press "Continue" or close the modal dialog until you have activated the certificate in Entra.

  7. In the Microsoft Entra admin center go to Applications -> App registrations -> All applications -> (Registration Name) -> Certificates & Secrets -> Certificates and upload the certificate.

    Azure Certificates

  8. Go back to the Connect Control Service and select "Continue". Client Certificate Continue

  9. Activate the certificate in Connect by selecting "Activate Certificate".

    Activate Certificate

  10. Select "OK" to dismiss the acknowledgement.

    Renewed Certificate Activated

Connect will now be using a certificate valid for another year.