Removing Certs from Metadata

Zmuda, Matthew R Matthew.R.Zmuda at
Mon Nov 28 13:57:40 GMT 2011

I suppose I may be misunderstanding something.
The issue I have is that we don't want to have the production certs sitting around in source control... or having developers have access to the production certs/metadata.

How would a production deployment happen then? I suppose we would deploy out application without the ipd metadata then manually add it after.

Matthew Zmuda | IT Solutions Developer
DCTS - Online Channels - Authentication and Security
P: 519-667-6052 | F: 519-667-6917

-----Original Message-----
From: users-bounces at [mailto:users-bounces at] On Behalf Of Tom Scavo
Sent: Monday, November 28, 2011 8:49 AM
To: Shib Users
Subject: Re: Removing Certs from Metadata

On Mon, Nov 28, 2011 at 8:43 AM, Zmuda, Matthew R
<Matthew.R.Zmuda at> wrote:
> What are my options for removing the inline = X509Certificate from IDP
> metadata?
> I looked through the schema's and didn't notice any ways to load from file,
> or some other way so I don't have to use inline certs in metadata.

The trusted certificates in metadata are meant to be used in
cross-domain fashion so accessing them from the file system is not an
option. I think you're misunderstanding the uses of certificates in

To unsubscribe from this list send an email to users-unsubscribe at

NOTICE: Confidential message which may be privileged. Unauthorized use/disclosure prohibited. If received in error, please go to for instructions.
AVIS : Message confidentiel dont le contenu peut être privilégié. Utilisation/divulgation interdites sans permission. Si reçu par erreur, prière d'aller au pour des instructions.

More information about the users mailing list