Updating the certificate used by custom SAML resources

We periodically have to update the certificate used to secure messages between OpenAthens and SAML based resources. Each certificate lasts several years.

We are currently updating our encryption certificate within our metadata. If your organisation has any custom SAML resources (also know as 1:1 connections or peer-to-peer connections) you and your team will need to take action to maintain access.

Updates must be in place before Monday 3 February 2025

In the months before the update takes effect, we’ll contact you about the changes you’ll need to make. When you get such a notice, be sure to pass it to the people who can make the changes. It will probably include a link to this page.

What does your organisation need to do?

You will need to update all of your custom SAML resources.

How this will be done will vary between resources. In some cases you can make the update yourself via an interface, in some you will need the resource to make the update for you. In extreme cases you may need to delete and recreate the resource (stats will be unaffected as long as you keep the same name and entityID).

For resources that ask for or allow a manually updated certificate, we will have told you what the new one is ahead of time (see below).

Some resources may let you upload the new certificate ahead of the change and allow both to work at the same time. Where this is possible it means no break in service.

If the resource can only support one certificate at a time you will need to wait for the day of the change. This will mean resources are unavailable until the update is made

Where a resource asks for or requires complete metadata, it will be the one you find via: How to access your login.openathens.net metadata. These resources may not be possible to update before the certificate changes.

If you don’t have notes on the set-up of your 1:1 resources you should start checking their update methods as soon as possible after we alert you to an upcoming certificate change - that way you will be ready when the time comes with a plan of what to do, when, and which 3rd parties you need to do things for you at their end.

Support

Our service desk are always happy to help but may be busier than usual near to a certificate change.

Current certificate

This will become the old certificate

View summary

Issued To: E=athenshelp@eduserv.org.uk, C=GB, ST=Somerset, L=Bath, O=Eduserv, OU=OpenAthens, CN=gateway.athensams.net
Issued By: E=athenshelp@eduserv.org.uk, C=GB, ST=Somerset, L=Bath, O=Eduserv, OU=OpenAthens, CN=gateway.athensams.net
Serial Number: 54 ec 42 22
Issued On: Tue Feb 24 2015 09:20:06 GMT+0000 (Greenwich Mean Time)
Expires On: Mon Feb 24 2025 09:20:06 GMT+0000 (Greenwich Mean Time)
SHA-256 Fingerprint: 32 9d 94 4c 88 db 14 98 4d b2 91 78 df ad 3b 39 da 80 01 1a 75 50 2a 80 d5 69 9b 57 7c 9b b2 aa
SHA-1 Fingerprint: 0e ae 65 d2 77 e2 63 b7 17 be 07 1a 5d 85 25 75 21 29 da 8d

New certificate details

This certificate example is the one [being] made live on 3 February 2025 12:00 UTC

Not Before: Apr 9 13:15:36 2024 UTC

Not After : Apr 9 13:15:36 2034 UTC

Serial number: 33e64f9cd5aef2c20b113d3cf08a36c34d80e715

CODE