Manage Public Certificate and Private Key Pairs

A public certificate and private key pair are required to successfully connect applications with JumpCloud. This certificate and key pair are used during SAML handshakes to successfully authenticate users during an SSO login. After you activate an application, JumpCloud automatically generates a public certificate and private key pair for you. You can use this pair or upload your own from the Application Details panel. Learn how to generate a custom certificate and private key pair.

You can upload, download, and regenerate certificates from the Application Details panel. Additionally, you can view the status for both the certificate and public key on the Application Details panel, including the certificate’s expiration date. Certificate and key status is indicated as grey if there isn’t a certificate or key detected for the application. Status is indicated as green if a certificate and key are detected.

Warning:

Your private key should be closely guarded. If this key has been lost or compromised, it should be regenerated immediately. An easy way to do this is to regenerate your certificate.

When it gets close to the time when the certificate will expire, emails will be sent out to notify admins. These emails will be sent out with 60 days, 30 days, 7 days, and 24 hours before expiration. The emails contain a link labeled Regenerate Certificate that can be used to renew the public certificate. 

Uploading a public certificate

  1. Go to USER AUTHENTICATION > SSO Applications.
  2. Select an application from the list.
  3. Expand the IDP Certificate status by clicking the triangle and then select Upload new certificate.
  4. Browse to the certificate file and then click Open.

Uploading a private key

  1. Go to USER AUTHENTICATION > SSO Applications.
  2. Select an application from the list.
  3. Expand the IDP Private Key status by clicking the triangle and then select Upload IDP Private Key.
  4. Browse to the private key file and then click Open.

Warning:

These must be uploaded in pairs, i.e., if you upload a new certificate, you must upload a new private key and vice versa.

Downloading a certificate

  1. Go to USER AUTHENTICATION > SSO Applications.
  2. Select an application from the list.
  3. Expand the IDP Certificate status by clicking the triangle and then select Download certificate.
  4. The certificate will download to your local Downloads folder with the name certificate.pem.

Tip:

After the application is saved, you can also download the certificate by clicking Download Certificate in the notification in the upper-right corner of the screen.  

Regenerating a certificate

Note:

You can't regenerate a certificate until you activate an application connector.

  1. Go to USER AUTHENTICATION > SSO Applications.
  2. Select an application from the list.
  3. Expand the IDP Certificate status by clicking the triangle and then select Regenerate certificate.
  4. Click continue.
  5. After you regenerate the certificate, the private key is also regenerated.

Warning:

If your SSO Service Provider uses JumpCloud metadata and you regenerate the certificate, you must export new metadata and upload it to the Service Provider.

Back to Top

List IconIn this Article

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case