...
- Replace the current signing certificate with a long-lived, self-signed certificate based on the current key pair. Set the new certificate to expire on December 18, 2037.
- Deploy a new metadata aggregate that uses the new self-signed certificate and a SHA2-based signing algorithm.
- Recommend that all organizations migrate to the new metadata aggregate asap. In particular, any deployment that (incorrectly) relies on the legacy CA is strongly encouraged to must migrate to the new metadata aggregate by March 29, 2014.
Wiki Markup Replace the current metadata aggregate with a redirect. \[*date TBD*\]
- Create a discussion list for administrators that have questions or experience problems regarding this transition.