generating sealer keystore by hand
Cantor, Scott
cantor.2 at osu.edu
Thu May 7 14:54:08 EDT 2015
On 5/7/15, 2:42 PM, "Scott Koranda" <skoranda at gmail.com> wrote:
>> Is there a reason not to just call the seckeygen script/utility to do that same thing? That's not Ant, it's just a Java class. The idea was that using that API would be more insulating and let us make adjustments that wouldn't break anybody.
>>
>
>Only a desire to do the initial creation of key material, including
>all the X.509 certificates and keys, on a different box where the IdP
>is not deployed and then (securely) transfer the key material to the
>deployed IdP(s).
The code involved is all in java-support-xxx.jar, so if you did a little surgery on the shell command provided, you could pretty easily run the wrapper command to do it on a separate host.
-- Scott
More information about the users
mailing list