Renewing idp 3.4.3 SSL cert

Cantor, Scott cantor.2 at
Tue Aug 18 18:02:07 UTC 2020

The IdP is a web application. Like any web application, the use of TLS has nothing to do with the application itself; it's a web server issue. The IdP itself has no "SSL cert" internally. There should never be any use of that certificate in metadata or in any SAML interactions, as it is too short-lived (soon to be even more short-lived).

I don't really know anything about the configuration of the "pretend you can operate the IdP and not run your own container" variant we built mostly from demand in the UK. If that has its own docs for how to configure what little is exposed, it would be in the wiki, but I don't really know where.

As for Jetty generically, it supports multiple formats for key material. I use PKCS12 personally and that's becoming the standard Java keystore format. I use OpenSSL to manipulate the files personally, though I think it's possible to screw around with keytool now too (and also possible to use various Java-based keystore manager GUIs).

-- Scott
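As an added illustration of the OpenSSL-based PKCS12 handling Scott mentions for Jetty (example code written for this page, not from the original post, the Shibboleth project, or Jetty): the script below packs a renewed PEM certificate and its private key into a PKCS12 keystore, confirms the store opens and that the key inside matches the certificate, and checks how long the certificate stays valid. The file names, the `idp-web` alias, the `changeit` placeholder password and the self-signed test material are all assumptions; in real use the certificate would come from your CA and the password from wherever Jetty's configuration reads it.

```shell
#!/bin/sh
# Added example, not part of the original mailing-list post.
# Builds a PKCS12 keystore for Jetty from a PEM key and certificate using
# OpenSSL, then sanity-checks it before it replaces the live file.
set -eu

WORK="${WORK:-$(mktemp -d)}"   # scratch directory (assumption)
ALIAS="idp-web"                # assumed keystore alias referenced by Jetty
STORE_PASS="changeit"          # placeholder password, replace in real use

# Constructed test material: a throwaway self-signed key pair and certificate
# standing in for the renewed key and the certificate returned by the CA.
make_test_material() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=idp.example.org" \
    -keyout "$WORK/key.pem" -out "$WORK/cert.pem" >/dev/null 2>&1
}

# Pack key + certificate (+ optional intermediate chain) into a PKCS12 file.
# $1 = key PEM, $2 = cert PEM, $3 = output .p12, $4 = optional chain PEM
build_p12() {
  key="$1"; cert="$2"; out="$3"; chain="${4:-}"
  if [ -n "$chain" ]; then
    openssl pkcs12 -export -in "$cert" -inkey "$key" -certfile "$chain" \
      -name "$ALIAS" -out "$out" -passout "pass:$STORE_PASS"
  else
    openssl pkcs12 -export -in "$cert" -inkey "$key" \
      -name "$ALIAS" -out "$out" -passout "pass:$STORE_PASS"
  fi
}

# Returns 0 when the store opens with the password and the private key in it
# matches the end-entity certificate's public key (a mismatch is the classic
# "renewed the cert but kept the old key" mistake).
verify_p12() {
  out="$1"
  openssl pkcs12 -in "$out" -passin "pass:$STORE_PASS" -noout >/dev/null 2>&1 || return 1
  cert_pub=$(openssl pkcs12 -in "$out" -passin "pass:$STORE_PASS" -clcerts -nokeys 2>/dev/null \
               | openssl x509 -pubkey -noout)
  key_pub=$(openssl pkcs12 -in "$out" -passin "pass:$STORE_PASS" -nocerts -nodes 2>/dev/null \
               | openssl pkey -pubout)
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Returns 0 when the certificate in the store is still valid $2 seconds from
# now; useful as a renewal reminder since web-server certs are short-lived.
still_valid_for() {
  out="$1"; seconds="$2"
  openssl pkcs12 -in "$out" -passin "pass:$STORE_PASS" -clcerts -nokeys 2>/dev/null \
    | openssl x509 -checkend "$seconds" -noout >/dev/null 2>&1
}

# Stand-alone usage: sh this_script.sh run
if [ "${1:-}" = "run" ]; then
  make_test_material
  build_p12 "$WORK/key.pem" "$WORK/cert.pem" "$WORK/idp-web.p12"
  verify_p12 "$WORK/idp-web.p12" && echo "keystore OK: $WORK/idp-web.p12"
  still_valid_for "$WORK/idp-web.p12" $((7 * 86400)) \
    && echo "certificate valid for at least 7 more days" \
    || echo "certificate expires within 7 days, renew it"
fi
```

Point Jetty's SSL context factory at the resulting `.p12` with key store type `PKCS12`; the alias and password must match what the configuration expects. Since the store only carries the web-server certificate, none of this touches the IdP's own signing or encryption keys or its metadata. With OpenSSL 3 the default PKCS12 encryption is AES with PBKDF2, which older Java runtimes may not read; OpenSSL's `-legacy` option on the `pkcs12 -export` command produces the older algorithms if that matters for your deployment.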
