Skip to main content
Skip table of contents

Updating the certificate used by custom SAML resources

We periodically have to update the certificate used to secure messages between OpenAthens and SAML based resources. Each certificate lasts several years.

In the months before the update takes effect, we’ll contact you about the changes you’ll need to make. When you get such a notice, be sure to pass it to the people who can make the changes. It will probably include a link to this page.

What does your organisation need to do?

You will need to update all of your custom SAML resources.

How this will be done will vary between resources. In some cases you can make the update yourself via an interface, in some you will need the resource to make the update for you. In extreme cases you may need to delete and recreate the resource (stats will be unaffected as long as you keep the same name and entityID).

For resources that ask for or allow a manually updated certificate, we will have told you what the new one is ahead of time (see below).

Some resources may let you upload the new certificate ahead of the change and allow both to work at the same time. Where this is possible it means no break in service.

If the resource can only support one certificate at a time you will need to wait for the day of the change. This will mean resources are unavailable until the update is made

Where a resource asks for or requires complete metadata, it will be the one you find via: How to access your login.openathens.net metadata. These resources may not be possible to update before the certificate changes.

If you don’t have notes on the set-up of your 1:1 resources you should start checking their update methods as soon as possible after we alert you to an upcoming certificate change - that way you will be ready when the time comes with a plan of what to do, when, and which 3rd parties you need to do things for you at their end.

Support

Our service desk are always happy to help but may be busier than usual near to a certificate change.

Current certificate

This will become the old certificate

View summary
  • Issued To: E=athenshelp@eduserv.org.uk, C=GB, ST=Somerset, L=Bath, O=Eduserv, OU=OpenAthens, CN=gateway.athensams.net

  • Issued By: E=athenshelp@eduserv.org.uk, C=GB, ST=Somerset, L=Bath, O=Eduserv, OU=OpenAthens, CN=gateway.athensams.net

  • Serial Number: 54 ec 42 22

  • Issued On: Tue Feb 24 2015 09:20:06 GMT+0000 (Greenwich Mean Time)

  • Expires On: Mon Feb 24 2025 09:20:06 GMT+0000 (Greenwich Mean Time)

  • SHA-256 Fingerprint: 32 9d 94 4c 88 db 14 98 4d b2 91 78 df ad 3b 39 da 80 01 1a 75 50 2a 80 d5 69 9b 57 7c 9b b2 aa

  • SHA-1 Fingerprint: 0e ae 65 d2 77 e2 63 b7 17 be 07 1a 5d 85 25 75 21 29 da 8d

New certificate details

This certificate example is the one [being] made live on 3 February 2025 12:00 UTC

Not Before: Apr  9 13:15:36 2024 UTC

Not After : Apr  9 13:15:36 2034 UTC

Serial number: 33e64f9cd5aef2c20b113d3cf08a36c34d80e715

CODE
-----BEGIN CERTIFICATE-----
MIID+TCCAuGgAwIBAgIUM+ZPnNWu8sILET088Io2w02A5xUwDQYJKoZIhvcNAQEL
BQAwgYsxCzAJBgNVBAYTAkdCMRkwFwYDVQQIDBBCcmlzdG9sLCBDaXR5IG9mMQ0w
CwYDVQQKDARKaXNjMR8wHQYDVQQDDBZnYXRld2F5Lm9wZW5hdGhlbnMubmV0MTEw
LwYJKoZIhvcNAQkBFiJmZWRlcmF0aW9uLXNlY3VyaXR5QG9wZW5hdGhlbnMubmV0
MB4XDTI0MDQwOTEzMTUzNloXDTM0MDQwOTEzMTUzNlowgYsxCzAJBgNVBAYTAkdC
MRkwFwYDVQQIDBBCcmlzdG9sLCBDaXR5IG9mMQ0wCwYDVQQKDARKaXNjMR8wHQYD
VQQDDBZnYXRld2F5Lm9wZW5hdGhlbnMubmV0MTEwLwYJKoZIhvcNAQkBFiJmZWRl
cmF0aW9uLXNlY3VyaXR5QG9wZW5hdGhlbnMubmV0MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAsc/LNDF5S/9kLO/j/tv/fgLWyf/LUEMrdCE3IFSxLKQc
EBWYzHp9/ihLMIiukHzi/okzdcwp8DObBAs6fRmELzmwZ9ACgDFWu410dYVSI/Bh
BTg7791MzrO8u7bAt4g27QJRP9Akw19ZqytRR8GbC6HYkGXL2b/zOvvmkjtjBZoO
Qy8cd1o65xm6fkfCMDIbYAsxi0UXNBk/lifh/rLLMv7E/WUpCFtw1IDp22g10QCC
Fv4wwPgPTMCgFKtxlsiCe9dYrAaHtAryOJ4GQ242fig0LMU3cRe1Fr/3MSuc0M2B
5mSwHgj/1w5L44X3vg6E91kgtdUjCdbLp0XeMBipDwIDAQABo1MwUTAdBgNVHQ4E
FgQUms57hFh1e+SmuOrSFbOz4PE8nWwwHwYDVR0jBBgwFoAUms57hFh1e+SmuOrS
FbOz4PE8nWwwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAewlr
WYe3uY1UIZ5kd6ZBpFeWuv+N5yzFRSnGkjZyBYZNRuBQdnLadYRWJ8E57e1aDDHT
hrsK8e2aABa7b4uzpeOfiSFW3InPDR/XbAO92xvTGnBisBrOHSXe08gi+cWz0ORc
0wWZmN3fNQyiaDZ1AIirf25E3noetBF4kIDzFs7OLca+pCDfGcj32OEGnDs4h+gF
YfFI87CaEE2tBqqfcpk/ec5LOu7sNHOrBb5f77xwXffoubhSK4QMoUIpWwuL0W7I
/N9rcFL5YjAJ2EKfWbXllAGyDKj9Y+48RdtGK5Sxbfkf4T7utehVerqF2k0IbI+u
E/EFXheIvEglUQpe9w==
-----END CERTIFICATE-----
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.