Fix federation certificate expiry notification
What to do if you receive a "Federation certificate expiration notification" email
Applies to: current and former vCloud users
You have recently received an email titled "Federation certificate expiration notification" reading:
The federation certificate expiration is [DATE] [TIME]. An expired certificate may disable federation with the identity provider setup with your organization. The certificate can be regenerated from the Federation Settings page.
The federation certificate is used in the vCloud Director SAML Identity Provider as a basis for vDC user authentication. Note that vCloud Director sends out the warning even if you are using local Active Directory rather than SAML for authentication.
Solution 1 - Oxford vCloud customers
If the notification came from email@example.com then you do not need to take any action. IT Services will refresh the certificate for you prior to expiry.
Solution 2 - Other vCloud users
- Log into your vCloud environment and click on the Administration tab
- Choose Settings > Federation
- On the following screen Use SAML Identity Provider should be unchecked. If it is checked then please contact our Cloud Services Team and we will advise further
- Scroll to the Certificate section at the bottom of the screen, and click Regenerate
- A warning about the consequences of proceeding will be displayed. Provided Use SAML Identity Provider was unchecked earlier you can safely click on OK. The new certificate will be generated and the new expiry date displayed (it will be valid for one year)
If you cannot find the solution you need here then we have other ways to get IT support