Renew a certificate

End of sale announcement

Effective May 1, 2026, Okta will no longer sell or renew Advanced Server Access. Existing customers must migrate to Okta Privileged Access within one year of their next scheduled renewal date to maintain service.

Read the FAQ and learn more about Okta Privileged Access.

Certificates expire after a pre-defined period. To minimize disruptions, Okta recommends renewing certificates before they expire.

Start the task

  1. Open the Advanced Server Access dashboard.
  2. In the user menu, click Team Settings.
  3. Go to the Passwordless Certificates tab.
  4. Clone an existing record.
    1. Identify the expiring certificate.
    2. Click gear icon > Clone.
    3. In the Create Certificate Signing Request window, enter a new name.
    4. Click Create Certificate Signing Request.
  5. Create a certificate. See Create a certificate with a certificate signing request.
  6. Distribute the certificate to AD servers. See Configure group policies for AD servers.
  7. Upload a new certificate.
    1. Identify the created certificate record.
    2. Click Gear icon. > Upload certificate.
    3. In the Upload Certificate window, click Browse files.
    4. In the file explorer window, locate the certificate file on your local device.
    5. In the Upload Certificate window, click Upload.

Related topics