generating sealer keystore by hand

Scott Koranda skoranda at
Thu May 7 14:42:19 EDT 2015

> Is there a reason not to just call the seckeygen script/utility to do that same thing? That's not Ant, it's just a Java class. The idea was that using that API would be more insulating and let us make adjustments that wouldn't break anybody.

Only a desire to do the initial creation of key material, including
all the X.509 certificates and keys, on a different box where the IdP
is not deployed and then (securely) transfer the key material to the
deployed IdP(s).

This is a specific and limited use case--not anything for which I am
asking for support.


Scott K

More information about the users mailing list