https://community.cisco.com/t5/webex-administration/renew-sso-certificate-on-webex-administrator-page-with-azure-idp/m-p/4708097#M4590 <P>There are as you might know two parts of the chain of trust in an IdP. One is the system side and the other is the IdP, both uses certificates. As I read your second screenshot it is the certificates that the IdP uses to identify itself with the system side, ie what it uses to sign the token passed to the system side. The system side is also know as SP if I'm not all wrong.</P> <P>What you'd need to update is the certificate that is used to identify the SP side with your IdP. That is done by the certificate that the SP uses and can be found in the metadata export that you do on the SP side, ie in Site Admin. On the IdP you'd put that certificate on the trust that is created for Webex (Site Admin).</P> Mon, 24 Oct 2022 12:14:42 GMT Roger Kallberg 2022-10-24T12:14:42Z https://community.cisco.com/t5/webex-administration/renew-sso-certificate-on-webex-administrator-page-with-azure-idp/m-p/4707747#M4587 <P>Hello community,</P><P>We got a generic mail from Cisco saying our current SSO certificate is about to be expired next month.</P><P>on our Webex SSO settings we see the new certificate with 1 year expiration date ready to be activated:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="zeevi_2-1666525370323.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/165501iB7099548B31016D7/image-size/medium?v=v2&amp;px=400" role="button" title="zeevi_2-1666525370323.png" alt="zeevi_2-1666525370323.png" /></span></P><P>according to the mail, we should download the new certificate and upload to our idP (Azure in our case) before activating the new Certificate but it seems that we already have a valid certificate in Azure expiring 3 years from now:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="zeevi_3-1666525510608.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/165502i81AED2994E89FC7E/image-size/medium?v=v2&amp;px=400" role="button" title="zeevi_3-1666525510608.png" alt="zeevi_3-1666525510608.png" /></span></P><P>this is also matching the "site certificate manager" on Webex SSO config page:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="zeevi_4-1666525632334.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/165503i518D91ECE447A848/image-size/medium?v=v2&amp;px=400" role="button" title="zeevi_4-1666525632334.png" alt="zeevi_4-1666525632334.png" /></span></P><P>&nbsp;</P><P>does anyone know the process of uploading Webex new certificate to Azure? is it even necessary or we just need to activate the new certificate on the webex administrator SSO Configuration settings?</P><P>I already have a ticket open with Webex support (694462722) but unfortunately they do not know the process that needs to be done in Azure.</P><P>&nbsp;</P> Sun, 23 Oct 2022 11:48:07 GMT https://community.cisco.com/t5/webex-administration/renew-sso-certificate-on-webex-administrator-page-with-azure-idp/m-p/4707747#M4587 zeevi 2022-10-23T11:48:07Z https://community.cisco.com/t5/webex-administration/renew-sso-certificate-on-webex-administrator-page-with-azure-idp/m-p/4707907#M4588 <P>In your IdP you should likely have two different trusts as you still use Site Admin for management of your Webex site(s). One for Site Admin and another for Control Hub. The one that you’ll need to renew the certificate for is the one for Control Hub.</P> Mon, 24 Oct 2022 05:02:26 GMT https://community.cisco.com/t5/webex-administration/renew-sso-certificate-on-webex-administrator-page-with-azure-idp/m-p/4707907#M4588 Roger Kallberg 2022-10-24T05:02:26Z https://community.cisco.com/t5/webex-administration/renew-sso-certificate-on-webex-administrator-page-with-azure-idp/m-p/4707917#M4589 <P>Thanks but we haven't implemented control hub yet.</P><P>we only have WEBEX sites at the moment.</P> Mon, 24 Oct 2022 05:48:43 GMT https://community.cisco.com/t5/webex-administration/renew-sso-certificate-on-webex-administrator-page-with-azure-idp/m-p/4707917#M4589 zeevi 2022-10-24T05:48:43Z https://community.cisco.com/t5/webex-administration/renew-sso-certificate-on-webex-administrator-page-with-azure-idp/m-p/4708097#M4590 <P>There are as you might know two parts of the chain of trust in an IdP. One is the system side and the other is the IdP, both uses certificates. As I read your second screenshot it is the certificates that the IdP uses to identify itself with the system side, ie what it uses to sign the token passed to the system side. The system side is also know as SP if I'm not all wrong.</P> <P>What you'd need to update is the certificate that is used to identify the SP side with your IdP. That is done by the certificate that the SP uses and can be found in the metadata export that you do on the SP side, ie in Site Admin. On the IdP you'd put that certificate on the trust that is created for Webex (Site Admin).</P> Mon, 24 Oct 2022 12:14:42 GMT https://community.cisco.com/t5/webex-administration/renew-sso-certificate-on-webex-administrator-page-with-azure-idp/m-p/4708097#M4590 Roger Kallberg 2022-10-24T12:14:42Z