...
- Replace the current signing certificate with a long-lived, self-signed certificate using based on the current key pair. Set the new certificate to expire on December 18, 2037.
- Deploy a new metadata aggregate using the new self-signed certificate. The new aggregate will be signed using also use a SHA2-based signing algorithm.
- Recommend that all deployments organizations migrate to the new metadata aggregate asap. In particular, non-Shibboleth deployments (such as AD FS and CA SiteMinder) are any deployment that (incorrectly) relies on the legacy CA is strongly encouraged to migrate to the new metadata aggregate before April 2014 (which is when the signing certificate of the legacy CA expires)by March 29, 2014.
Wiki Markup Replace the current metadata aggregate with a redirect. \[*date TBD*\]
- Create a discussion list for administrators that have questions or experience problems regarding this transition.