Renew a Client Certificate
Entra Client certificates have an expiry time of one year.
The expiry time of the current certificate for a given tenant can always be seen in the Identity Providers tab in your Connect Organisation.
We recommend renewing certificates a short time before they expire; otherwise, communication with Entra will fail.
Entra supports the use of multiple certificates, and Connect always uses the latest one that has been made active for authentication.
To generate a new certificate:
- In the Connect Control Service, browse to the Organisation that will use the Entra tenant.
- Open the Identity Providers tab.
- Find the relevant tenant in the list, and select the "Edit Tenant" button.
- Select "Renew Certificate".
  An updated expiration date will be displayed. You may wish to make a note of this.
- Select "Download Certificate" to retrieve the certificate - this will download with a filename of [organisation-code]-[tenant-name]-idp-cert.pem.
  Warning: You will not be able to download the certificate again after this step.
- You will be prompted to upload the certificate to your Microsoft Entra ID tenant.
  Warning: Do not press "Continue" or close the modal dialog until you have activated the certificate in Entra.
- In the Microsoft Entra admin center go to Applications -> App registrations -> All applications -> (Registration Name) -> Certificates & Secrets -> Certificates and upload the certificate.
- Go back to the Connect Control Service and select "Continue".
- Activate the certificate in Connect by selecting "Activate Certificate".
- Select "OK" to dismiss the acknowledgement.
Connect will now be using a certificate valid for another year.
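
A check for the downloaded certificate file, as an added example that is not part of Connect or its documentation: it prints the expiry date and SHA-1 thumbprint (to compare with the entry Entra lists after upload) and fails when the certificate expires within a chosen number of days. It assumes the `openssl` CLI is installed and that the downloaded `.pem` file holds an X.509 certificate; the function names, the 30-day default and the demo certificate are illustrative.

```shell
#!/bin/sh
# Added example (not part of Connect or Entra): check a certificate PEM file.
# Assumes the openssl CLI is installed; function names are illustrative.

# SHA-1 thumbprint as bare uppercase hex.
cert_thumbprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha1 | sed 's/^.*=//; s/://g'
}

# The certificate's expiry (notAfter) date as printed by openssl.
cert_not_after() {
    openssl x509 -in "$1" -noout -enddate | sed 's/^notAfter=//'
}

# Succeeds only if the certificate is still valid $2 days from now (default 30).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null
}

# Constructed sample input: throwaway self-signed certificate valid for $2 days.
make_demo_cert() {
    key=$(mktemp)
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$key" -out "$1" \
        -days "$2" -subj "/CN=constructed-demo" 2>/dev/null
    rc=$?
    rm -f "$key"
    return $rc
}

# Print a summary; return non-zero when the certificate needs renewing.
check_cert() {
    echo "Expires:    $(cert_not_after "$1")"
    echo "Thumbprint: $(cert_thumbprint "$1")"
    if cert_valid_for_days "$1" "${2:-30}"; then
        echo "OK: valid for at least ${2:-30} more days"
    else
        echo "RENEW: expires within ${2:-30} days" >&2
        return 1
    fi
}

# Usage: sh check-cert.sh FILE [MIN_DAYS]; with no FILE, run on the demo certificate.
if [ $# -gt 0 ]; then
    check_cert "$@"
else
    demo=$(mktemp) && make_demo_cert "$demo" 365 && check_cert "$demo" 30
    rm -f "$demo"
fi
```

Because the file cannot be downloaded again, run the check while the Connect dialog is still open, and schedule it against the stored file to get warning ahead of the one-year expiry.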