Skip to main content
Skip table of contents

Updating signing certificates for OpenAthens IdPs

We are currently updating our encryption certificate within our metadata. You and your team may need to take action to maintain access for our mutual customers.

Updates must be in place before Monday 3 February 2025

As a hub and spoke style federation, all of our IdPs are run by us and use the same signing and encryption certificate to secure communication between OpenAthens and you.

Certificates eventually expire and we will contact you in the months leading up to any change to let you know about it. When this happens…

What you have to do

If you use Keystone

It will all happen automatically in the background with no break in service.

If you use software that checks and caches federation metadata

It should pick up the change automatically from the metadata aggregate. You may want to plan a refresh to happen shortly after a change.

If you can support additional certificates then you can avoid any downtime. Check your software’s documentation, likely labelled trust store or similar. We will provide you with details of the certificate when we alert you (see below)

If you use software you have to configure separately for each IdP

You will need to update the certificates in your trust store for these IdPs; we will provide you with details of the certificate when we alert you (see below)

Support

Our service desk are always happy to help but may be busier than usual near to a certificate change.

Current certificate

This will become the old certificate

View summary
  • Issued To: E=athenshelp@eduserv.org.uk, C=GB, ST=Somerset, L=Bath, O=Eduserv, OU=OpenAthens, CN=gateway.athensams.net

  • Issued By: E=athenshelp@eduserv.org.uk, C=GB, ST=Somerset, L=Bath, O=Eduserv, OU=OpenAthens, CN=gateway.athensams.net

  • Serial Number: 54 ec 42 22

  • Issued On: Tue Feb 24 2015 09:20:06 GMT+0000 (Greenwich Mean Time)

  • Expires On: Mon Feb 24 2025 09:20:06 GMT+0000 (Greenwich Mean Time)

  • SHA-256 Fingerprint: 32 9d 94 4c 88 db 14 98 4d b2 91 78 df ad 3b 39 da 80 01 1a 75 50 2a 80 d5 69 9b 57 7c 9b b2 aa

  • SHA-1 Fingerprint: 0e ae 65 d2 77 e2 63 b7 17 be 07 1a 5d 85 25 75 21 29 da 8d

New certificate details

This certificate example is the one [being] made live on 3 February 2025 12:00 UTC

Not Before: Apr  9 13:15:36 2024 UTC

Not After : Apr  9 13:15:36 2034 UTC

Serial number: 33e64f9cd5aef2c20b113d3cf08a36c34d80e715

CODE
-----BEGIN CERTIFICATE-----
MIID+TCCAuGgAwIBAgIUM+ZPnNWu8sILET088Io2w02A5xUwDQYJKoZIhvcNAQEL
BQAwgYsxCzAJBgNVBAYTAkdCMRkwFwYDVQQIDBBCcmlzdG9sLCBDaXR5IG9mMQ0w
CwYDVQQKDARKaXNjMR8wHQYDVQQDDBZnYXRld2F5Lm9wZW5hdGhlbnMubmV0MTEw
LwYJKoZIhvcNAQkBFiJmZWRlcmF0aW9uLXNlY3VyaXR5QG9wZW5hdGhlbnMubmV0
MB4XDTI0MDQwOTEzMTUzNloXDTM0MDQwOTEzMTUzNlowgYsxCzAJBgNVBAYTAkdC
MRkwFwYDVQQIDBBCcmlzdG9sLCBDaXR5IG9mMQ0wCwYDVQQKDARKaXNjMR8wHQYD
VQQDDBZnYXRld2F5Lm9wZW5hdGhlbnMubmV0MTEwLwYJKoZIhvcNAQkBFiJmZWRl
cmF0aW9uLXNlY3VyaXR5QG9wZW5hdGhlbnMubmV0MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAsc/LNDF5S/9kLO/j/tv/fgLWyf/LUEMrdCE3IFSxLKQc
EBWYzHp9/ihLMIiukHzi/okzdcwp8DObBAs6fRmELzmwZ9ACgDFWu410dYVSI/Bh
BTg7791MzrO8u7bAt4g27QJRP9Akw19ZqytRR8GbC6HYkGXL2b/zOvvmkjtjBZoO
Qy8cd1o65xm6fkfCMDIbYAsxi0UXNBk/lifh/rLLMv7E/WUpCFtw1IDp22g10QCC
Fv4wwPgPTMCgFKtxlsiCe9dYrAaHtAryOJ4GQ242fig0LMU3cRe1Fr/3MSuc0M2B
5mSwHgj/1w5L44X3vg6E91kgtdUjCdbLp0XeMBipDwIDAQABo1MwUTAdBgNVHQ4E
FgQUms57hFh1e+SmuOrSFbOz4PE8nWwwHwYDVR0jBBgwFoAUms57hFh1e+SmuOrS
FbOz4PE8nWwwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAewlr
WYe3uY1UIZ5kd6ZBpFeWuv+N5yzFRSnGkjZyBYZNRuBQdnLadYRWJ8E57e1aDDHT
hrsK8e2aABa7b4uzpeOfiSFW3InPDR/XbAO92xvTGnBisBrOHSXe08gi+cWz0ORc
0wWZmN3fNQyiaDZ1AIirf25E3noetBF4kIDzFs7OLca+pCDfGcj32OEGnDs4h+gF
YfFI87CaEE2tBqqfcpk/ec5LOu7sNHOrBb5f77xwXffoubhSK4QMoUIpWwuL0W7I
/N9rcFL5YjAJ2EKfWbXllAGyDKj9Y+48RdtGK5Sxbfkf4T7utehVerqF2k0IbI+u
E/EFXheIvEglUQpe9w==
-----END CERTIFICATE-----
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.