signing / encryption keys (certs) for IdP metadata

[Cantor, Scott]

On 4/28/22, 4:19 PM, "users on behalf of Donald Lohr via users" <users-bounces at shibboleth.net on behalf of users at shibboleth.net> wrote:

>    Is it a good practice to go more that 10 years?

The contents of the certificate aren't allowed to matter. If they matter, then you're dealing with non-compliant software and generally once it expires things might break and whether they break is software-specific. Renewing certificates is generally something that can preserve function for compliant software while addressing the expiration for the rest.

-- Scott