Home / Blog / Obtaining the Okta Root CA from OIE
Published: Jan 18, 2023 / By Andrew DoeringWith Okta’s OIE platform, you are now able to distribute Certificate Authorities directly from Okta. However, when deploying the CA that Okta provides, you end up with just the intermediary, and you are missing the root. The methods below allow you to obtain the Root CA. As far as I can tell, there is no documentation on how to obtain this certificate from the support sites on Okta. So hopefully this helps a few people out there if they have a need for this.
https://<org-admin>.okta.com/api/v1/certificateAuthorities?type=ROOT
We will use the ID that was taken in the previous step to obtain the certificate.
https://<org-admin>.okta.com/api/v1/certificateAuthorities/<id from process>/cert
cert
fileThe Cert file that is downloaded, should be the root CA which should allow you to complete the trust chain from the intermediary that Okta allows from the web GUI.
Then it would be up to your individual MDM or distribution means to deploy the certificate to devices or end users.