My certificate expired, what can I do? March 15, 2026 12:56 Updated If a certificate is about to expire, or already is expired, you need to create and implement a new one. This guide applies to ADONIS 16, ADOIT 17, and ADOGRC 13 and later versions. For instructions applicable to earlier versions, please click here.What steps are involved in renewing an authentication certificate?The certificate used by your Identity Provider (IdP) for signing SAML tokens needs to be periodically renewed, a process known as certificate rollover. When this happens, you must ensure that ADONIS is updated with the new certificate to maintain the trust relationship between ADONIS and your IdP.There are two scenarios for managing certificate rollover, depending on the method you initially used to configure the certificate in ADONIS: referencing a metadata URL or uploading the certificate directly. Scenario 1: Referencing the Metadata URLIf you initially referenced the IdP's metadata URL during configuration, you’ll need to manually update the connector when the certificate rolls over. While ADONIS can retrieve the latest metadata from the URL, it does not automatically refresh the configuration regularly. Therefore, after a certificate rollover, you must perform the following steps to renew the certificate: Step Description Image 1 Log in to the web client of a BOC product (ADONIS, ADOIT, ADOGRC). Make sure that you are logged into the web client as an administrator. To do this, click on the three cogwheels to get the corresponding view. 2 Click on Authentication at the bottom right. 3 Hover over the SAML 1 connector, click ... More (1), and then select Configure IdP (2). 4 From the Configuration source (1) list, select URL (2). 5 The Metadata URL field (1) should now already be populated with the metadata URL from your IdP. If not, enter it and confirm by clicking OK (2). 6 Save your changes by clicking Save (1). This process ensures that ADONIS retrieves the new certificate contained within the metadata. Scenario 2: Uploading the Certificate DirectlyIf you initially uploaded the certificate directly into ADONIS, you’ll need to upload the new certificate manually each time the IdP rolls over to a new one. Follow these steps to update the certificate: Step Description Image 1 Log in to the web client of a BOC product (ADONIS, ADOIT, ADOGRC). Make sure that you are logged into the web client as an administrator. To do this, click on the three cogwheels to get the corresponding view. 2 Click on Authentication at the bottom right. 3 Hover over the SAML connector, click ... More (1), and then select Edit (2). 4 On the Properties (1) page of the connector configuration, under IDP public key file, click Browse (2) to upload the new token-signing certificate from the IdP. Confirm your changes by clicking OK (3). 5 Save your changes by clicking Save (1). By uploading the new certificate, you ensure that ADONIS continues to validate SAML tokens issued by your IdP. How to renew my authentication certificate (pre ADONIS 16, ADOIT 17 and ADOGRC 13)? The renewal process in BOC products involves the following steps: Step Description Image 1 To update your certificate, you need to log into the admin page of your BOC product. How to log in there is described in the ADONIS & ADOGRC Guide or ADOIT Guide. 2 After logging into the Admin page, you have to navigate to the Authentication site (2) from the menu "..." (1) 3 On the Authentication site, you will find an option labeled Upload Certificates, which you have to press. 4 You will now be able to upload your new certificate by clicking the add (1) and Upload (2) button. You are also able to remove certificates by clicking the "remove" button. 5 To finish up, you will need to adjust the name of the certificate in the configuration of the Connector Data by renaming (1) it and saving (2) the changes in the Connector Data window and also the Authentication site as seen in the pictures When should I renew my authentication certificate? It is essential to renew your authentication certificate before it expires. Renewing it ahead of time ensures uninterrupted access to your BOC product. To avoid any service disruptions due to an expired certificate, you can plan the renewal process in advance.What happens if I don't renew my authentication certificate in time?If you fail to renew your authentication certificate before it expires, it can lead to significant disruptions in your system or application. Your users may experience difficulties accessing resources, and potential security risks could arise. In some cases, you may need to create a new certificate request and go through the entire certificate issuance process again. Can I renew an authentication certificate before its scheduled renewal date? Yes, in most cases, you can renew your certificate before its scheduled renewal date. Some Certificate Authorities allow early renewal, and it is generally recommended to renew certificates a few weeks before they expire to avoid last-minute issues. Related articles How to download a Support Information Package (SIP)? How do I set up my MS Entra ID (Azure) for a BOC product? How to create an ODBC connection? How can I reset my administrator password? How can I import a license?