...

  1. Continue using the same certificate. Shibboleth does not rely on expiration dates of certificates. Some software may check expiration dates; therefore, we recommend the following.
  2. Submit a self-signed 2048-bit certificate. Here are instructions for creating a self-signed cert. [link]
  3. For key management and migration, InCommon allows multiple certificates per endpoint at any time. Select the new certificate from your list of submitted certs, while keeping the old certificate associated with the endpoint for as long as your transition process requires.

...

This approach is supported by the SAML set of specifications. Find the details for SAML V2.0 Metadata Interoperability Profile here: http://wiki.oasis-open.org/security/SAML2MetadataIOP
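The overlap described in step 3 can be checked against published metadata. The following Python is an added example, not part of the original page or of InCommon's tooling: it lists the certificates an endpoint publishes and classifies where the endpoint is in the transition. The entityID, the certificate bytes and the function names are constructed for illustration, and the metadata is trimmed to the elements the check reads.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: one entity publishing two certificates during a transition.
# The base64 bodies are placeholder bytes, not real certificates.
OLD_B64 = base64.b64encode(b"constructed-old-certificate").decode()
NEW_B64 = base64.b64encode(b"constructed-new-certificate").decode()
SAMPLE_METADATA = f"""
<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
                     entityID="https://hostname.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{OLD_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor>
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate> {NEW_B64} </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def fingerprint(cert_b64):
    """SHA-256 over the decoded certificate bytes; whitespace from the XML is ignored."""
    der = base64.b64decode("".join(cert_b64.split()))
    return hashlib.sha256(der).hexdigest()

def published_certs(metadata_xml, use="signing"):
    """Map entityID -> fingerprints usable for `use`; a KeyDescriptor with no use covers both."""
    root = ET.fromstring(metadata_xml)
    result = {}
    for entity in root.iter(f"{{{NS['md']}}}EntityDescriptor"):
        fps = []
        for kd in entity.iter(f"{{{NS['md']}}}KeyDescriptor"):
            if kd.get("use") in (None, use):
                fps += [fingerprint(c.text) for c in kd.iterfind(".//ds:X509Certificate", NS)]
        result[entity.get("entityID")] = fps
    return result

def rollover_state(fps, old_fp, new_fp):
    """Classify where an endpoint is in the transition from old_fp to new_fp."""
    has_old, has_new = old_fp in fps, new_fp in fps
    if has_old and has_new:
        return "overlap"
    return "new-only" if has_new else "old-only" if has_old else "neither"
```

An endpoint should report "overlap" for as long as the transition lasts, and "new-only" once the old certificate has been removed.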

Example: Generating a Self-Signed Certificate using OpenSSL

openssl req -new -x509 -days 1095 -keyout key.pem -out cert.pem -newkey rsa:2048 -subj "/CN=hostname.example.org"

What's left on the ToDo list prior to going live:

...