Shib v3 x509 certificate
Tom Scavo
trscavo at gmail.com
Mon Jul 2 16:47:00 EDT 2018
Hi Vanna,
On Mon, Jul 2, 2018 at 4:31 PM, Ramaiah, Vanna G. <ramaiah at musc.edu> wrote:
>
> I am working on installing IdP 3 and have questions on what type of X.509
> certificates to be used.
You should probably start by reading the SecurityAndNetworking [1]
topic, especially the section on Keys and Certificates.
> Can we have self-signed X.509 certificates (10 yr validity) for Shibboleth
> IdP or should that be registered (2 yr)? I am afraid that if I roll-out 2
> year validity certificate, I need to work with SPs to get the certificate
> changed every 2 years.
Depending on circumstances, none of that may matter.
> Also, what do the SPs/InCommon usually trust in general?
If your IdP metadata is registered with InCommon, you should
definitely start there. Search for the topic "X.509 Certificates in
Metadata" for specific recommendations.
HTH,
Tom
[1] SecurityAndNetworking https://wiki.shibboleth.net/confluence/x/VoEOAQ