Multiple certificates doing both signing+encryption
Cantor, Scott
cantor.2 at osu.edu
Tue Nov 2 21:00:23 UTC 2021
On 11/2/21, 4:23 PM, "users on behalf of Jay Athalye" <users-bounces at shibboleth.net on behalf of jay.athalye at gmail.com> wrote:
> I assume this is not best practice - and I am working towards marking one of them as "use=encryption".
Other than complicating rollover there isn't really any particular good or bad about any of it. SPs don't even need signing keys unless they intend to support logout.
> But I am curious about which cert is used for signing in this case? Is it the first cert in the config without the
> "use" attribute?
If there's no other constraint or configuration involved, yes.
-- Scott
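
Added example (not part of the original message and not Shibboleth's own code): a small audit script that lists the `CredentialResolver` entries of an SP configuration in document order and reports which one would be the default signing credential under the rule confirmed above, plus which entries serve both purposes. The sample configuration and file names are constructed, and the script assumes no other constraint or configuration is involved and that an entry marked `use="signing"` is also eligible for signing.

```python
import xml.etree.ElementTree as ET

# Constructed sample: two credentials chained, neither carrying a "use"
# attribute, as in the question. File names are placeholders.
SAMPLE = """\
<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config">
  <ApplicationDefaults entityID="https://sp.example.org/shibboleth">
    <CredentialResolver type="Chaining">
      <CredentialResolver type="File" key="old-key.pem" certificate="old-cert.pem"/>
      <CredentialResolver type="File" key="new-key.pem" certificate="new-cert.pem"/>
    </CredentialResolver>
  </ApplicationDefaults>
</SPConfig>
"""

def local(tag):
    """Strip the XML namespace so the check does not depend on the schema version."""
    return tag.rsplit("}", 1)[-1]

def credentials(xml_text):
    """Return leaf CredentialResolver entries in document order."""
    out = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "CredentialResolver" or el.get("type") == "Chaining":
            continue  # skip other elements and the Chaining wrapper itself
        out.append({"certificate": el.get("certificate"), "use": el.get("use")})
    return out

def audit(xml_text):
    """Model the rule from the thread: no "use" means usable for both purposes,
    and the first eligible entry in the config is the one picked for signing."""
    creds = credentials(xml_text)
    def eligible(purpose):
        # Assumption: an explicit use="<purpose>" is eligible alongside unmarked entries.
        return [c["certificate"] for c in creds if c["use"] in (None, purpose)]
    signing = eligible("signing")
    return {
        "signing_default": signing[0] if signing else None,
        "signing": signing,
        "encryption": eligible("encryption"),
        "dual_use": [c["certificate"] for c in creds if c["use"] is None],
    }

if __name__ == "__main__":
    for field, value in audit(SAMPLE).items():
        print(f"{field}: {value}")
```

An entry listed under `dual_use` has to be replaced for both signing and encryption at rollover, which is the complication mentioned in the reply.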