SAML Certificate and Key with Docker Container

David Wen Riccardi-Zhu davidwen.riccardizhu at
Tue May 5 15:05:50 UTC 2020

To implement a Service Provider, I am using a CentOS 8 Docker container
running Apache and Shibboleth. This container is then deployed to AWS
Elastic Container Service (ECS).

My Dockerfile installs Apache and Shibboleth, copies over the SAML
certificate and key into the container, and finally starts the Shibboleth
daemon and httpd service. I do this to make sure that the autogenerated
keys on installation don't replace the ones currently in use, if the
container gets restarted. I've noted the dates when the certificate and
key will expire and will need to be replaced.

I'm wondering if I'm missing anything with this approach. I've come across
some documentation discussing rollovers, as well as generating a new
certificate and key daily. Is that seen as a best practice, or will my
approach work?

Would be very grateful for any insights.

Thank you,
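An added check, not part of the original post or of Shibboleth itself, that could run in the image build or a CI step before the certificate and key described above are copied in: it confirms the private key actually belongs to the certificate and flags expiry that is closer than a threshold. The file paths, the WARN_DAYS variable and an installed openssl are assumptions.

```shell
#!/bin/sh
# Sanity checks for a SAML signing certificate/key pair baked into a
# container image (added example, not from the original post).
# Assumes PEM files passed as arguments and openssl on PATH.
WARN_DAYS="${WARN_DAYS:-30}"   # assumed threshold; adjust per rollover plan

# Print the number of whole days until the certificate's notAfter.
days_until_expiry() {
    cert="$1"
    not_after=$(openssl x509 -in "$cert" -noout -enddate | sed 's/^notAfter=//')
    # GNU date understands the string directly; fall back to BSD date syntax.
    exp=$(date -d "$not_after" +%s 2>/dev/null) \
        || exp=$(date -j -f "%b %d %H:%M:%S %Y %Z" "$not_after" +%s)
    now=$(date +%s)
    echo $(( (exp - now) / 86400 ))
}

# Succeed only when the private key's public half equals the cert's public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Returns 0 when the pair is consistent and not near expiry,
# 1 on key/cert mismatch, 2 when expiry is within WARN_DAYS.
check_saml_pair() {
    cert="$1"; key="$2"
    key_matches_cert "$cert" "$key" || { echo "key/cert mismatch: $cert" >&2; return 1; }
    days=$(days_until_expiry "$cert")
    [ "$days" -gt "$WARN_DAYS" ] || { echo "$cert expires in $days days" >&2; return 2; }
    echo "ok: $cert valid for $days more days"
}
```

Running `check_saml_pair /etc/shibboleth/sp-cert.pem /etc/shibboleth/sp-key.pem` (paths assumed) in the Dockerfile build fails the build early instead of shipping an image whose key no longer matches the metadata published to the IdP.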
