Replace expired SAML certificate


Article ID: 169083


Updated On:


Web Security Service - WSS


Received an email stating that the SAML certificate that is used with your Web Security Service (WSS) account is about to expire.

End users receive exception pages stating that authentication is not allowed. Account has been locked out.


The SAML certificate is about to or has expired.


Web Security Service


You must access the server that hosts Symantec Authentication

  1. Stop the Symantec Auth Connector service.
  2. Delete the certificate in the cloud portal (Service > Authentication > SAML).
  3. Delete the SAML certificate from the Auth install folder. 
  4. Delete the SAML certificate from the certificate store. It is installed under the Personal folder.
  5. Restart the Auth service which generates a new certificate in the Auth installation folder.
  6. Open the SAML certificate. Copy the contents: Do not add spaces or carriage returns after the last dash.
  7. Back on the ThreatPulse portal SAML page, click Add New Certificate. Paste the copied contents in the window. Click OK.