You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: website/docs/sys-mgmt/certificates.md
+4Lines changed: 4 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -28,6 +28,10 @@ To download a certificate for SAML configuration:
28
28
2. Navigate to **Applications** > **Providers** and click on the name of the provider.
29
29
3. Click the **Download** button found under **Download signing certificate**. The contents of this certificate will be required when configuring the service provider.
30
30
31
+
## Certificate recommendations
32
+
33
+
It is generally not recommended to use short-lived certificates for SAML/OIDC signing operations as the main priority is that the signature is valid. Frequently changing certificates can be problematic as it requires updating configuration in authentik and potentially in connected applications.
34
+
31
35
## External certificates
32
36
33
37
To use externally managed certificates (e.g., from Certbot or HashiCorp Vault), you can use the discovery feature.
0 commit comments