sp testshib certificate validation on attribute query

Rod Widdowson rdw at steadingsoftware.com
Wed May 31 09:31:25 EDT 2017

> As you can see the ssl tomcat certificate is a certificate issued by letsencrypt.org and it's a valid certificate recognized by every browser.

It's got nothing to do with the browser nothing to do with certificate validity (in the canonical sense) and everything to do with your metadata at testshib.

> 2017-05-31 09:15:54 DEBUG XMLTooling.TrustEngine.ExplicitKey [1582]: no keys within this peer's key information matched the given end-entity certificate

The metadata doesn't have the correct key information

More information about the users mailing list