Credential failed name check error upon updating SP certificate

Cantor, Scott cantor.2 at
Thu Apr 7 14:08:48 UTC 2022

It's only going to care about the name if the key isn't in the metadata. Old configurations still fall back into PKIX trust (I don't know if we're still shipping that, I think we changed the default at some point to stop), and that's where the name checking is done. And that usually won't work without other extensions in the metadata so the message is really just "this isn't the same key that's in the metadata" at the end of the day.

-- Scott

More information about the users mailing list