...
- Create a new self-signed signing certificate set to expire on December 18, 2037: [DONE]
- On December 18, 2013, deploy three new metadata aggregates: [DONE]
- A new production metadata aggregate that uses the new self-signed certificate and a SHA-2 digest algorithm (specifically, SHA-256):
- A new fallback metadata aggregate that uses the new self-signed certificate and the SHA-1 digest algorithm (like we do now):
- A new preview metadata aggregate that is aliased to the production metadata aggregate:
- Advise all deployments to migrate to one of the new metadata aggregates ASAP but no later than March 29, 2014. [DONE]
- Create discussion list metadata-support@incommon help@incommon.org. [DONE]
- Replace the current metadata aggregate with a redirect to the fallback metadata aggregate on March 29, 2014. [DONE]
- Retire the following resources on March 29, 2014:
- http://wayf.incommonfederation.org/InCommon/InCommon-metadata.xml [DONE]
- http://wayf.incommonfederation.org/InCommon/InCommon-metadata-test.xml
- https://wayf.incommonfederation.org/bridge/certs/inc-md-cert.pem
- https://wayf.incommonfederation.org/bridge/certs/incommon.pem
- https://wayf.incommonfederation.org/bridge/certs/ca.pem
- http://incommoncrl1.incommonfederation.org/crl/eecrls.crl
- http://incommoncrl2.incommonfederation.org/crl/eecrls.crl
- Sync the fallback metadata aggregate with the production metadata aggregate on June 30, 2014. [DONE]
- Remove the redirect to the fallback metadata aggregate on [date TBD].
If you have questions or problems regarding this transition, please post them to metadata-support@incommonhelp@incommon.org.