X.509 Certificates in the InCommon Federation
The use of self-signed certificates in Federation metadata is strongly RECOMMENDED. Certificates signed by a Certificate Authority (CA) are allowed, and in most situations will work just fine, but the use of such certificates is discouraged. See the Interoperability notes and the Backgrounder information below for further discussion.
Panel |
---|
As of January 2010, InCommon does not issue certificates signed by the InCommon CA. We will transition the entire federation to self-signed certificates by the end of 20112012. |
Requirements
InCommon sets the following security and trust parameters around certificates that are included in Federation metadata:
...