By: Mohib Zico staff 05 Jul 2013 at 3:24 p.m. CDT

1 Response
How many certificates are there in IdP and what are their purpose?

By Mohib Zico staff 16 Feb 2015 at 9:47 a.m. CST

The IdP uses two types of certificates:

1. SSL Certificate / Apache Certificate / Java Certificate
2. Self-signed Certificate / Shib Certificate / Metadata Certificate

The SSL certificate is Certificate Authority signed. It is used for the HTTPS part of your IdP's hostname. If you click on the "https" part of your hostname in a web browser ( https://yourOrg.com/ ), you will see the information of this certificate.

The self-signed certificate is used for SSO message passing from IdP to SP and vice versa. If your IdP is InCommon registered, you will see the same certificate in the InCommon metadata, in the part for your organization. This certificate is visible at: https://yourOrg.com/idp/shibboleth Check the certificate inside <ds:X509Certificate> ... Or, if you want to grab this certificate directly from your Gluu Server's filesystem, the location is: /etc/certs/. The name of this certificate: "DA....-shib.crt"

Both certificates should be renewed at the proper time.
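A check that follows from the answer above, added here as an example (not code from the original post or from Gluu): it confirms that the certificate published inside `<ds:X509Certificate>` in the IdP metadata is the same one stored in the PEM file on disk, which is worth verifying after every renewal. The function names are hypothetical and the sample metadata and certificate bytes are constructed placeholders; in practice you would pass in the content of https://yourOrg.com/idp/shibboleth and of the `-shib.crt` file from /etc/certs/.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

def der_from_b64(text):
    """Decode base64 certificate text, skipping PEM armor lines and whitespace."""
    lines = (line.strip() for line in text.splitlines())
    body = "".join(l for l in lines if not l.startswith("-----"))
    return base64.b64decode(body, validate=True)

def fingerprint(der):
    """SHA-256 fingerprint of the DER bytes, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def metadata_fingerprints(metadata_xml):
    """Return (use, sha256) for each <ds:X509Certificate> under a KeyDescriptor."""
    # Parse only metadata from your own IdP this way; use defusedxml for third-party XML.
    found = []
    for kd in ET.fromstring(metadata_xml).iter(MD + "KeyDescriptor"):
        for cert in kd.iter(DS + "X509Certificate"):
            fp = fingerprint(der_from_b64(cert.text or ""))
            found.append((kd.get("use", "unspecified"), fp))
    return found

def uses_matching_file(pem_text, metadata_xml):
    """List the KeyDescriptor uses whose certificate equals the PEM file's certificate."""
    file_fp = fingerprint(der_from_b64(pem_text))
    return [use for use, fp in metadata_fingerprints(metadata_xml) if fp == file_fp]

# Constructed sample data: placeholder bytes stand in for a real DER certificate.
SAMPLE_DER = b"constructed placeholder bytes standing in for a DER certificate"
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % SAMPLE_B64
SAMPLE_METADATA = """<md:EntityDescriptor entityID="https://yourOrg.com/idp/shibboleth"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      %s
      %s
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>""" % (SAMPLE_B64[:40], SAMPLE_B64[40:])

if __name__ == "__main__":
    print(uses_matching_file(SAMPLE_PEM, SAMPLE_METADATA) or "MISMATCH: metadata and file differ")
```

An empty result means the metadata that SPs (or InCommon) hold no longer matches the certificate on the server, so SSO messages signed with the new key will fail validation until the metadata is republished.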