SP CredentialResolver locally signed SSL certificate

Peter Schober peter.schober at univie.ac.at
Tue Feb 27 12:17:52 EST 2018

* Tom Noonan <tom at joinroot.com> [2018-02-27 17:14]:
> I'm currently using a self-signed certificate for the SP Credential
> resolver, my config for this is the same as the example:
> <CredentialResolver type="File" key="/etc/shibboleth/sp.key"
> certificate="/etc/shibboleth/sp.crt"/>
> This works fine, I have no login errors.  However, I'm not clear on how
> this certificate is used.  Am I opening myself up to spoofing attacks by
> using a self-signed certificate for this?

esp. "Inline / Explicit Key Trust Engine"

The formal write-up of this can be found here:

