Protection against OpenSSL heartbleed issue in SAML message transformation

Rock star shib.rockstar at gmail.com
Thu Mar 26 01:51:53 EDT 2015


We have a Java web application which is protected with HTTPS. We have used
OpenSSL to create a "self signing certificate" by using "Openssl - 1.0.1j",
but recently OpenSSL announced some issues (heartbleed) and they
provided fixes. To avoid the issues we need to upgrade our OpenSSL
version at our server side and reissue the certificates as well.

The above procedure is fine for browser facing on HTTPS port 443, but here
we are using the public key in idp-metadata.xml under the <ds:X509Certificate>
element. The key was created by using OpenSSL version 1.0.1j. I think we
need to reissue the certificate again by using the new OpenSSL version to
protect IdP and SP communication at message level.

1) We need to reissue the certificate. Please let me know if I am wrong.
2) Is there any procedure to migrate the certificate in the metadata?