...
$ curl --silent --remote-name https://wayf.incommonfederation.org/bridge/certs/incommon.pem
$ openssl x509 -sha1 -in incommon.pem -noout -fingerprint
SHA1 Fingerprint=74:27:8F:96:7C:F1:BF:CA:AA:1B:41:AF:B6:33:64:48:A2:15:0E:B4
Warning | ||
---|---|---|
| ||
The above certificate expires on May 19, 2012. The "old" certificate will be renewed and replaced by the following "new" certificate:
Starting on Monday, May 14, 2012, the signature on InCommon metadata will be based on the "new" certificate (instead of the "old" certificate). The "new" certificate will be moved to its permanent location (incommon.pem) at that time. |
Once the certificate file is locally installed, you can use it to verify the signature on the metadata file. For example, you could use the XmlSecTool (or some similar 3rd-party tool) to verify the signature:
...