...
- Replace the current signing certificate with a long-lived, self-signed certificate based on the current key pair. Set the new certificate to expire on December 18, 2037.
- Deploy a new metadata aggregate that uses the new self-signed certificate and a SHA2-based signing algorithm (specifically, SHA-256).
aggregate asap. In particular, any deployment thatWiki Markup Recommend that all organizations migrate to the new metadata
by March 29,aggregate ASAP but no later than \[*date TBD*\]. In particular, any deployment that (incorrectly) relies on the legacy CA *must* either stop doing so or migrate to the new metadata aggregate
by March 29, 2014.
Wiki Markup Replace the current metadata aggregate with a redirect. to the new metadata aggregate on \[*date TBD*\].
- Create a discussion list for administrators that have questions or experience problems regarding this transition.