IdP SSL Certificate Renewal

Garmer, Jack - garmercj garmercj at
Wed Apr 17 17:20:45 EDT 2019

Good Evening!

Please correct me if I have a fundamental misunderstanding of how certificates work on the idp side; I inherited this system and I'm still getting my bearings.

Currently, we have two servers configured with a vIP (keepalived) for high availability. is the FQDN for the vIP, then the two servers are named and We've replicated this setup in a dev environment as well. All of the above, to my knowledge, have ssl certs signed by InCommon.

Here is my confusion. We received e-mail notification that the cert for is expiring. I cannot locate the corresponding cert on the server. If I navigate to in a browser, I can pull cert information for I cannot find the corresponding certificate or key information for on the file systems of either it-federation1 or it-federation2. If I navigate to either fed1 or fed2 directly via web browser, neither have valid certificates.

My question is, how are certificates for the idp stored in a HA shib installation with keepalived and jetty? Are they imported into a keystore? Are they stored in a file other than a .crt, .cer or .pem?

Thank you!


Jack Garmer

Linux Systems Administrator

James Madison University, IT Technical Services

w: 540-568-4235 | c: 540-290-2154