SP CredentialResolver locally signed SSL certificate
peter.schober at univie.ac.at
Tue Feb 27 12:17:52 EST 2018
* Tom Noonan <tom at joinroot.com> [2018-02-27 17:14]:
> I'm currently using a self-signed certificate for the SP Credential
> resolver, by config for this is same as the example:
> <CredentialResolver type="File" key="/etc/shibboleth/sp.key"
> This works fine, I have no login errors. However, I'm not clear on how
> this certificate is used. Am I opening myself up to spoofing attacks by
> using a self-signed certificate for this?
esp. "Inline / Explicit Key Trust Engine"
The formal write-up of this can be found here:
More information about the users