Renew IDP metadata certificate

The IDP metadata certificate is expired, but the integrated applications work fine. The wildcard certificate is imported at the linux end. Could anyone explain how this works?

Also, how can I renew the metadata certificate?

  • Hi!

    To help you we would need to know more.

    I assume you are talking about SAML. But is Access Manager acting as IDP or is Access Manager connecting to external IDP (acting as service provider)?

    Also, what kind of AM flavor are you using? Is this the appliance, where everything runs on one box, or Access Manager service, where you are running components on separate servers? I am asking because certificate management is different (see certificate management here: Access Manager Versus Access Manager Appliance).

    Also, you said that the wildcard certificate is imported at the linux end. What does that mean? That you have already imported the certificate into the AM admin console?

    Kind regards,


  • Hi Sebasijan,

    Thanks for the response.

    Access Manager is acting as IDP here.

    I am using Access Manager appliance.

    The current certificate is imported at the middleware end. When I look at the AM console, it is not there. When I try to import it, it gives: Error importing signed certificate: Error: PKI_E_PUBLIC_KEY_COMPARISON_FAILURE, Error: -1233



  • PKI_E_PUBLIC_KEY_COMPARISON_FAILURE is triggered when the public key of the certificate you are trying to import does not match the private key you already have on the server.

    So I assume you are trying to import a signed public key for an issued CSR (certificate signing request)? But was the CSR issued by Access Manager? I assume not, since you've mentioned that the certificate is already imported at the middleware end?

    Can you export the certificate in pfx (p12) format and then try to import this into the AM admin console?

  • Is there a way to import it in bundle form?

    How are the applications working with the certificate expired in the metadata?
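
An added example (not from any poster in this thread, and not Access Manager's own tooling) covering the two questions raised above: the key mismatch behind PKI_E_PUBLIC_KEY_COMPARISON_FAILURE, and checking the certificate that is actually published in the IdP metadata. The script reads the X.509 certificate out of a SAML metadata file, reports its notAfter date, verifies that the private key on hand really is the one the certificate was issued for, and packs key and certificate into a PKCS#12 bundle for import. It assumes openssl is on PATH; the file names, the entityID idp.example.test and the metadata document are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the thread. Checks a practitioner would run before
# re-importing an IdP signing certificate:
#   1. read the certificate out of the IdP's SAML metadata and check its expiry,
#   2. confirm the certificate's public key belongs to the private key on hand
#      (the mismatch an error like PKI_E_PUBLIC_KEY_COMPARISON_FAILURE points at),
#   3. bundle key and certificate as PKCS#12 (.p12/.pfx) for import.
# Assumes openssl is on PATH. All file names and the metadata document are
# constructed for the demo (hypothetical entityID idp.example.test).
set -u

# SHA-256 fingerprint of a PEM public key (SubjectPublicKeyInfo DER) read from stdin.
spki_fingerprint() {
    openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256 | awk '{print $NF}'
}

pubkey_fpr_from_key() {        # KEY.pem -> fingerprint of its public half
    openssl pkey -in "$1" -pubout 2>/dev/null | spki_fingerprint
}

pubkey_fpr_from_cert() {       # CERT.pem -> fingerprint of the certified key
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null | spki_fingerprint
}

# Succeeds only if CERT was issued for the public half of KEY.
key_cert_match() {             # KEY.pem CERT.pem
    k=$(pubkey_fpr_from_key "$1"); c=$(pubkey_fpr_from_cert "$2")
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Pull the first <ds:X509Certificate> out of a metadata file into PEM form.
# Assumes the ds: prefix; adjust the pattern if the metadata uses another one.
metadata_cert_to_pem() {       # METADATA.xml OUT.pem
    b64=$(tr -d '\n\r' < "$1" \
        | sed -n 's/.*<ds:X509Certificate>[[:space:]]*\([^<]*\)<\/ds:X509Certificate>.*/\1/p' \
        | tr -d ' \t')
    [ -n "$b64" ] || return 1
    {
        echo "-----BEGIN CERTIFICATE-----"
        printf '%s\n' "$b64" | fold -w 64
        echo "-----END CERTIFICATE-----"
    } > "$2"
}

cert_not_after() {             # CERT.pem -> notAfter string
    openssl x509 -in "$1" -noout -enddate | cut -d= -f2
}

# Succeeds if CERT expires within DAYS days (DAYS=0 means "already expired").
cert_expires_within() {        # CERT.pem DAYS
    ! openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

make_p12() {                   # KEY.pem CERT.pem OUT.p12 PASSWORD
    openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" -passout "pass:$4"
}

# Demo fixtures: a fresh IdP key + self-signed cert, an unrelated key, and a
# minimal constructed IdP metadata document carrying the cert.
setup_demo() {                 # DIR
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$1/idp-key.pem" 2>/dev/null
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$1/other-key.pem" 2>/dev/null
    openssl req -new -x509 -key "$1/idp-key.pem" -subj "/CN=idp.example.test" -days 365 \
        -out "$1/idp-cert.pem" 2>/dev/null
    b64=$(sed '/-----/d' "$1/idp-cert.pem" | tr -d '\n')
    cat > "$1/idp-metadata.xml" <<EOF
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/saml2">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>$b64</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>
EOF
}

# Run the whole check interactively: IDP_DEMO=1 sh this-script.sh
if [ "${IDP_DEMO:-}" = 1 ]; then
    d=$(mktemp -d)
    setup_demo "$d"
    metadata_cert_to_pem "$d/idp-metadata.xml" "$d/from-metadata.pem"
    echo "metadata cert notAfter: $(cert_not_after "$d/from-metadata.pem")"
    cert_expires_within "$d/from-metadata.pem" 30 && echo "WARNING: expires within 30 days"
    key_cert_match "$d/idp-key.pem" "$d/from-metadata.pem" && echo "idp-key.pem matches metadata cert"
    key_cert_match "$d/other-key.pem" "$d/from-metadata.pem" || echo "other-key.pem does NOT match (import would fail)"
    make_p12 "$d/idp-key.pem" "$d/idp-cert.pem" "$d/idp.p12" changeit && echo "wrote $d/idp.p12"
fi
```

Against a real deployment, point `metadata_cert_to_pem` at the downloaded IdP metadata and `key_cert_match` at the private key you intend to import with the renewed certificate; a fingerprint mismatch there is the same condition the import error reports, and the only fix is to obtain a certificate issued for that key (or import the matching key alongside it in the .p12). Many service providers treat the certificate in metadata purely as a carrier for the signing key and compare the key rather than enforcing the validity period, which is why the script reports the key fingerprint next to the expiry date instead of relying on either alone.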