Updating signing certificates for OpenAthens IdPs
We are currently updating our encryption certificate within our metadata. You and your team may need to take action to maintain access for our mutual customers.
Updates must be in place before Monday 3 February 2025
As a hub and spoke style federation, all of our IdPs are run by us and use the same signing and encryption certificate to secure communication between OpenAthens and you.
Certificates eventually expire and we will contact you in the months leading up to any change to let you know about it. When this happens…
What you have to do
If you use Keystone
It will all happen automatically in the background with no break in service.
If you use software that checks and caches federation metadata
It should pick up the change automatically from the metadata aggregate. You may want to plan a refresh to happen shortly after a change.
If you can support additional certificates then you can avoid any downtime. Check your software’s documentation, likely labelled trust store or similar. We will provide you with details of the certificate when we alert you (see below)
If you use software you have to configure separately for each IdP
You will need to update the certificates in your trust store for these IdPs; we will provide you with details of the certificate when we alert you (see below)
Support
Our service desk are always happy to help but may be busier than usual near to a certificate change.
Current certificate
This will become the old certificate
New certificate details
This certificate example is the one [being] made live on 3 February 2025 12:00 UTC
Not Before: Apr 9 13:15:36 2024 UTC
Not After : Apr 9 13:15:36 2034 UTC
Serial number: 33e64f9cd5aef2c20b113d3cf08a36c34d80e715
-----BEGIN CERTIFICATE-----
MIID+TCCAuGgAwIBAgIUM+ZPnNWu8sILET088Io2w02A5xUwDQYJKoZIhvcNAQEL
BQAwgYsxCzAJBgNVBAYTAkdCMRkwFwYDVQQIDBBCcmlzdG9sLCBDaXR5IG9mMQ0w
CwYDVQQKDARKaXNjMR8wHQYDVQQDDBZnYXRld2F5Lm9wZW5hdGhlbnMubmV0MTEw
LwYJKoZIhvcNAQkBFiJmZWRlcmF0aW9uLXNlY3VyaXR5QG9wZW5hdGhlbnMubmV0
MB4XDTI0MDQwOTEzMTUzNloXDTM0MDQwOTEzMTUzNlowgYsxCzAJBgNVBAYTAkdC
MRkwFwYDVQQIDBBCcmlzdG9sLCBDaXR5IG9mMQ0wCwYDVQQKDARKaXNjMR8wHQYD
VQQDDBZnYXRld2F5Lm9wZW5hdGhlbnMubmV0MTEwLwYJKoZIhvcNAQkBFiJmZWRl
cmF0aW9uLXNlY3VyaXR5QG9wZW5hdGhlbnMubmV0MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAsc/LNDF5S/9kLO/j/tv/fgLWyf/LUEMrdCE3IFSxLKQc
EBWYzHp9/ihLMIiukHzi/okzdcwp8DObBAs6fRmELzmwZ9ACgDFWu410dYVSI/Bh
BTg7791MzrO8u7bAt4g27QJRP9Akw19ZqytRR8GbC6HYkGXL2b/zOvvmkjtjBZoO
Qy8cd1o65xm6fkfCMDIbYAsxi0UXNBk/lifh/rLLMv7E/WUpCFtw1IDp22g10QCC
Fv4wwPgPTMCgFKtxlsiCe9dYrAaHtAryOJ4GQ242fig0LMU3cRe1Fr/3MSuc0M2B
5mSwHgj/1w5L44X3vg6E91kgtdUjCdbLp0XeMBipDwIDAQABo1MwUTAdBgNVHQ4E
FgQUms57hFh1e+SmuOrSFbOz4PE8nWwwHwYDVR0jBBgwFoAUms57hFh1e+SmuOrS
FbOz4PE8nWwwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAewlr
WYe3uY1UIZ5kd6ZBpFeWuv+N5yzFRSnGkjZyBYZNRuBQdnLadYRWJ8E57e1aDDHT
hrsK8e2aABa7b4uzpeOfiSFW3InPDR/XbAO92xvTGnBisBrOHSXe08gi+cWz0ORc
0wWZmN3fNQyiaDZ1AIirf25E3noetBF4kIDzFs7OLca+pCDfGcj32OEGnDs4h+gF
YfFI87CaEE2tBqqfcpk/ec5LOu7sNHOrBb5f77xwXffoubhSK4QMoUIpWwuL0W7I
/N9rcFL5YjAJ2EKfWbXllAGyDKj9Y+48RdtGK5Sxbfkf4T7utehVerqF2k0IbI+u
E/EFXheIvEglUQpe9w==
-----END CERTIFICATE-----