OneLogin - How to Renew a OneLogin Vanity Domain SSL Certificate Using a CSR Generated by OneLogin (4383097)

Vanity domain SSL certificates, like any certificate, have a defined expiration date and must be renewed periodically to prevent OneLogin authentication failures. Renewal requires coordination between OneLogin Support (for CSR generation and deployment) and the customer’s security or certificate authority team (for certificate issuance).

Step 1: Request CSR Generation

The customer must open a Technical Support case, informing the vanity domain, the certificate expiration date, and provide the following information for the CSR creation:

• Country (2-letter code)
• State / Province
• City / Locality
• Organization Name
• Organizational Unit
• Common Name (FQDN of vanity domain)
• Contact Email Address

OneLogin generates the CSR and private key internally and sends it to the customer.

---

Step 2: Customer Generates the Signed Certificate

Using the OneLogin CSR, the customer:

• Requests a signed SSL certificate from their Certificate Authority (CA)
• Obtains the server certificate, intermediate, and root certificates

⚠️ If switching CAs, a new Root and Intermediate certificates must be provided.

---

Step 3: Secure Certificate Upload

The customer sends the signed certificate and chain files, preferably using a secure transfer method (for example, SFTP provided by Support).

---

Step 4: OneLogin Certificate Deployment

• Support verifies the certificate expiration date.
• OneLogin deploys the new certificate in production
• The customer confirms successful access to the vanity domain