IdP versions 2.3 and later
If you need to regenerate the key material that your IdP uses to communicate with other SPs (for instance because of key compromise or Federation Operator's restrictions), you can do so by using a variant of the installation script.
./install.sh renew-cert(on Unix systems) or
install.bat renew-cert(on Windows systems).
The new private key, cert, and keystore files will be generated with the file name suffix '.new'. Once you're ready to use them, just copy them over the existing files that don't have the '.new' suffix.
You can change the lifetime of the self signed certificate by setting the environment variable