signing / encryption keys (certs) for IdP metadata

Cantor, Scott cantor.2 at
Thu Apr 28 20:36:08 UTC 2022

On 4/28/22, 4:19 PM, "users on behalf of Donald Lohr via users" <users-bounces at on behalf of users at> wrote:

>    Is it a good practice to go more than 10 years?

The contents of the certificate aren't allowed to matter. If they matter, then you're dealing with non-compliant software, and generally once it expires things might break, and whether they break is software-specific. Renewing certificates is generally something that can preserve function for compliant software while addressing the expiration for the rest.

-- Scott
