This repository contains all of Okta's public facing certificates. Customers that require a copy of these certificates prior to their deployment can subscribe to release notifications.
| Certificate Name | Endpoint Type | Environment | Cells |
|---|---|---|---|
| *.okta.com | TLS1.2 | Production | OK1-OK16 |
| *.oktapreview.com | TLS1.2 | Preview | OP1-OP3 |
| *.okta-emea.com | TLS1.2 | EMEA | EU1 |
| *.oktacdn.com | TLS1.2 | Global | Global |
| *.mtls.okta.com | mTLS | Production | OK1-OK16 |
| *.mtls.oktapreview.com | mTLS | Preview | OP1-OP3 |
| *.mtls.okta-emea.com | mTLS | EMEA | EU1 |
| *.kerberos.okta.com | Kerberos | Production | OK1-OK16 |
| *.kerberos.oktapreview.com | Kerberos | Preview | OP1-OP3 |
| *.kerberos.okta-emea.com | Kerberos | EMEA | EU1 |
| *.ldap.okta.com | LDAP | Production | OK1-OK16 |
| *.ldap.oktapreview.com | LDAP | Preview | OP1-OP3 |
| *.ldap.okta-emea.com | LDAP | EMEA | EU1 |
HTTP Public Key Pinning (HPKP) is a deprecated standard that is highly advised against by multiple authoritative bodies and certificate authorities. Okta stands with other industry leaders in advising against the use of HPKP
https://www.digicert.com/blog/certificate-pinning-what-is-certificate-pinning
https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning
Okta reserves the right to revoke, reissue, and/or renew any certificates at any time without prior notification in order to maintain the safety and security of our customers and services.