This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 95%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBL%3C/text%3E%3C/svg%3E)
We are using Azure AD for SSO with AWS. We have multiple Enterprise applications showing the status as "Expires soon", "Expired Inactive Certificate" or "Expired".
For the "Expired" one, we have selected the new certificate in Single-Sign-On and made it active. Then we downloaded "Federation Metadata XML" file and uploaded to AWS>Identity Provider>Replace metadata. It's valid until 03/01/2124. However, in Azure Enterprise Applications, the Certificate Expiry Status of this application is showing "Expired Inactive Certificate".
Could you please advise if the steps are correct? How to deal with the expired inactive certificate?
Thanks.
Thanks for posting your question in the Microsoft Q&A forum.
This article may help you:
How to renew Azure Single Sign-On Expired SAML Token Signing Certificate
Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful
Hi Hossein,
Thanks for your reply.
I read this article before posting this question. The step 10 doesn't make sense to me because I can't find where to paste certificate. In AWS, we're using metadata.
In this case, I can't close and accept it as an answer.
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more