Renewing idp 3.4.3 SSL cert
James.Hamilton at csi.cuny.edu
Tue Aug 18 20:10:54 UTC 2020
Thanks for the info Scott.
From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott
Sent: Tuesday, August 18, 2020 2:02 PM
To: Shib Users <users at shibboleth.net>
Subject: Re: Renewing idp 3.4.3 SSL cert
The IdP is a web application. Like any web application, the use of TLS has nothing to do with the application itself, it's a web server issue. The IdP itself has no "SSL cert" internally. There should never be any use of that certificate in metadata or in any SAML interactions, as it is too short-lived (soon to be even more short-lived).
I don't really know anything about the configuration of the "pretend you can operate the IdP and not run your own container" variant we built mostly from demand in the UK. If that has its own docs for how to configure what little is exposed, it would be in the wiki, but I don't really know where.
As for Jetty generically, it supports multiple formats for key material. I use PKCS12 personally and that's becoming the standard Java keystore format. I use OpenSSL to manipulate the files personally, though I think it's possible to screw around with keytool now too (and also possible to use various Java-based keystore manager GUIs).
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users