SP certificate expiration

Nate Klingenstein ndk at sudonym.me
Tue Apr 26 18:24:16 EDT 2016


> Some Googling around indicates that the IDP doesn't care if the certificate expires.  Can anyone confirm that?

Shibboleth with defaults, pretty certain yes.  I think it would care if you used PKIX.  Other implementations are all over.

> Can I enable assertion encryption using this self-signed certificate that will expire in 1 year?

I wouldn’t bank on it because of the variation in implementations, but probably.

> What have other people done for Salesforce?

It’s not in use here.

Hope this helps,

More information about the users mailing list