...
- Continue using the same certificate. Shibboleth does not rely on the expiration dates of certificates. Some software may check expiration dates; therefore, we recommend the following.
- Submit a self-signed 2048-bit certificate.
Here are instructions for creating a self-signed cert. \[link\]
- For key management and migration, InCommon allows multiple certificates per end point at any time. Select the new certificate from your list of submitted certs, while keeping the old certificate associated with the endpoint for as long as your transition process requires.
...
This approach is supported by the SAML set of specifications. Find the details for SAML V2.0 Metadata Interoperability Profile here: http://wiki.oasis-open.org/security/SAML2MetadataIOP
Example: Generating a Self-Signed Certificate using OpenSSL
```
openssl req -new -x509 -days 1095 -keyout key.pem -out cert.pem -newkey rsa:2048 -subj "/CN=hostname.example.org"
```
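Before submitting the new certificate, the checks below confirm that it is what this page asks for (2048-bit, self-signed) and that the key file on disk belongs to it. This is an added example, not part of the original page or of InCommon's tooling; the function names `check_cert` and `make_cert`, the 30-day expiry threshold, and the `-nodes` (unencrypted key) option used for the throwaway demo certificate are assumptions.

```shell
#!/bin/sh
# Added example: pre-submission checks for a self-signed metadata certificate.
# check_cert CERT KEY [MIN_DAYS] returns 0 only if every check passes.
check_cert() {
    cert=$1 key=$2 min_days=${3:-30} rc=0

    # 1. RSA key size: the page asks for a 2048-bit certificate.
    bits=$(openssl x509 -in "$cert" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge 2048 ] || { echo "FAIL: key is ${bits:-?} bits" >&2; rc=1; }

    # 2. Self-signed: subject and issuer must be identical.
    subj=$(openssl x509 -in "$cert" -noout -subject | sed 's/^subject= *//')
    issr=$(openssl x509 -in "$cert" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$issr" ] || { echo "FAIL: not self-signed" >&2; rc=1; }

    # 3. The private key on disk must belong to this certificate.
    #    (An encrypted key makes openssl prompt for its passphrase here.)
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: key does not match certificate" >&2; rc=1; }

    # 4. Expiry: Shibboleth ignores it, but other software may not.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "FAIL: expires within $min_days days" >&2; rc=1; }

    return $rc
}

# make_cert DIR: constructed throwaway certificate using the page's parameters,
# with -nodes added (assumption) so the demo runs without a passphrase prompt.
make_cert() {
    openssl req -new -x509 -days 1095 -nodes -newkey rsa:2048 \
        -keyout "$1/key.pem" -out "$1/cert.pem" \
        -subj "/CN=hostname.example.org" 2>/dev/null
}

# Demo on a constructed certificate in a temporary directory.
demo=$(mktemp -d)
make_cert "$demo" && check_cert "$demo/cert.pem" "$demo/key.pem" &&
    echo "OK to submit"
rm -rf "$demo"
```

During a rollover, run `check_cert` against both the old and the new certificate with their respective keys, so a swapped key file is caught before the endpoint is switched.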
What's left on the ToDo List prior to going live:
...