Renew IdP certificates

Identity provider (IdP) certificates are automatically created when you install Splunk SOAR (On-premises) and have an expiry date of two years from the time they were created. To renew Splunk SOAR (On-premises) IdP certificates, follow these steps:

  1. Connect to your Splunk SOAR (On-premises) deployment using SSH.
  2. Navigate to the /<PHANTOM_HOME>/keystore directory and create a folder and name it cert.save.
  3. Copy all existing certificates listed in the /<PHANTOM_HOME>/keystore directory to the cert.save folder.
  4. Delete all .pem and .der files in the /<PHANTOM_HOME>/keystore directory except private_key.pem. The private_key.pem file is used to decrypt the password and is not updated.
  5. Change directory to /<PHANTOM_HOME>/bin.
  6. Update the current certificate files by running the following command:
    phenv python /opt/phantom/bin/initialize.py --set-auth-keys --force

The new IdP certificates are generated under the /<PHANTOM_HOME>/keystore directory and are valid for 2 years. If necessary, you can then copy the relevant public signing key to your IdP.

  • If you use SAML, copy public_sig_saml2.pem to your IdP.
  • If you use OIDC, copy public_sig_oidc.der to your IdP.
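
Steps 2 through 4 of the procedure can be scripted so that nothing is deleted until its backup copy has been verified. The function below is an added example, not part of the Splunk documentation; the name backup_and_clear_keystore is hypothetical, and it assumes the keystore path is passed as an argument and that copying every regular file in the directory is an acceptable reading of "all existing certificates".

```shell
# Added example: steps 2-4 of the renewal procedure as one function.
# Assumption: the caller passes the keystore path, for example
#   backup_and_clear_keystore "$PHANTOM_HOME/keystore"
backup_and_clear_keystore() {
    keystore=$1
    backup="$keystore/cert.save"

    [ -d "$keystore" ] || { echo "no such directory: $keystore" >&2; return 1; }

    # private_key.pem is not regenerated, so stop if it is already missing.
    [ -f "$keystore/private_key.pem" ] || { echo "private_key.pem not found" >&2; return 1; }

    # Refuse to overwrite a backup left by an earlier renewal.
    if [ -e "$backup" ]; then
        echo "$backup already exists; move it aside first" >&2
        return 1
    fi

    # Step 2: create the cert.save folder.
    mkdir "$backup" || return 1

    # Step 3: copy every regular file (cert.save itself is skipped).
    for f in "$keystore"/*; do
        [ -f "$f" ] || continue
        cp -p "$f" "$backup/" || return 1
    done

    # Step 4: delete *.pem and *.der except private_key.pem, and only
    # after confirming the backup copy is byte-identical.
    for f in "$keystore"/*.pem "$keystore"/*.der; do
        [ -f "$f" ] || continue
        name=${f##*/}
        if [ "$name" = "private_key.pem" ]; then
            continue
        fi
        cmp -s "$f" "$backup/$name" || { echo "backup mismatch: $name" >&2; return 1; }
        rm -f "$f"
    done
    return 0
}
```

After the function returns successfully, continue with steps 5 and 6 to regenerate the certificates.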