bryangarner-wd
Helpful | Level 5
2 years ago

400 malformed_certificate google

My company uses SSO with Google and we recently began getting 400. Error: malformed_certificate. The SAML certificate had expired, I rotated a new one in and indicated that for Dropbox within Google Admin Console.

 

In their steps to update, the final one seems to be to configure DB to point to the new cert:

7. After changing the certificate assigned to the SAML app, make sure to also update the app's SSO configuration with the new certificate on the Service Provider's website. SSO with the SAML app won't work until the SP-side configuration is also updated. 

 

Feels like I'm close to getting this to work again, but don't know exactly what the final bit is. Do I just need to wait to propagate, like a DNS server?

  • Jay
    Dropbox Staff

    Hi bryangarner-wd, thanks for bringing this to our attention.

     

    I'd recommend getting in contact with the support team directly for them to investigate this matter in more detail.

     

    They'll be able to assist further!

    • bryangarner-wd
      Helpful | Level 5

      Thank you. This has been resolved, though the DB process made it difficult.

       

      By way of answering my own question: I needed to go to DB Admin Console and upload the new certificate. The challenge was that the only way to get to the Admin Console was to log in to DB. The only way to log in to DB was via SSO. It was an endless loop.

       

      DB admins are supposed to be able to log in using either SSO or with log/pass credentials (while everyone else is required to use SAML). I am listed as an admin *but did not have the ability to log in using credentials.* Another admin was able to log in that way and disable the SAML-only restriction, so I could upload the cert. Recommend having two accounts with admin access, in case this happens to others.
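
Added example (not part of the thread, and not Dropbox or Google code): the lockout described above started with an expired SAML signing certificate, so this script reads the certificate out of an IdP metadata XML file and flags it when it falls inside a renewal window. The function names, file layout and the throwaway self-signed sample are assumptions; it requires the `openssl` CLI.

```shell
#!/usr/bin/env bash
# Added example. Function names, file layout and the sample are assumptions.

# Emit the <X509Certificate> body of SAML metadata file $1 as PEM.
# (With several certificates in the file, the last one is used.)
saml_cert_pem() {
  local b64
  b64=$(tr -d '\r\n\t ' < "$1" |
        sed -n 's|.*X509Certificate>\([A-Za-z0-9+/=]\{1,\}\)<.*|\1|p')
  [ -n "$b64" ] || return 2
  printf '%s\n' '-----BEGIN CERTIFICATE-----'
  printf '%s\n' "$b64" | fold -w 64
  printf '%s\n' '-----END CERTIFICATE-----'
}

# Return 0 if the certificate is still valid $2 days from now, 1 if it
# expires inside that window (or already has), 2 if none could be parsed.
saml_cert_check() {
  local pem
  pem=$(saml_cert_pem "$1") || return 2
  printf '%s\n' "$pem" | openssl x509 -noout >/dev/null 2>&1 || return 2
  printf '%s\n' "$pem" |
    openssl x509 -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Constructed sample: write IdP metadata to $1 that wraps a throwaway
# self-signed certificate valid for $2 days.
make_sample_metadata() {
  local dir; dir=$(mktemp -d) || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
    -subj '/CN=constructed-idp.example' \
    -keyout "$dir/key.pem" -out "$dir/cert.pem" >/dev/null 2>&1 || return 1
  {
    echo '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"'
    echo '  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="constructed">'
    echo '<md:IDPSSODescriptor><md:KeyDescriptor use="signing">'
    echo '<ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
    grep -v -e '-----' "$dir/cert.pem"
    echo '</ds:X509Certificate></ds:X509Data></ds:KeyInfo>'
    echo '</md:KeyDescriptor></md:IDPSSODescriptor></md:EntityDescriptor>'
  } > "$1"
  rm -rf "$dir"
}

# Usage: check-saml-cert.sh idp-metadata.xml [days]  (no arguments: define only)
if [ $# -ge 1 ]; then
  rc=0; saml_cert_check "$1" "${2:-30}" || rc=$?
  [ "$rc" -eq 0 ] && echo "OK" || echo "CHECK CERT (rc=$rc): rotate at IdP, upload to SP"
  exit "$rc"
fi
```

Because SSO breaks until the service provider also holds the new certificate, the useful file to check is the metadata or certificate the SP is actually configured with.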
