Expiring IDP signing certificate

Wessel, Keith kwessel at illinois.edu
Fri Jun 3 16:18:45 UTC 2022

Shibboleth SPs won't care if it expires. That can't be said to be true for all SAML implementations and vendors.

And even though nothing will break, it's highly advisable to not have an expired certificate published with your InCommon metadata.


From: users <users-bounces at shibboleth.net> On Behalf Of Ullfig, Roberto Alfredo via users
Sent: Friday, June 3, 2022 11:16 AM
To: Shib Users <users at shibboleth.net>
Cc: Ullfig, Roberto A (UIC) <rullfig at uic.edu>
Subject: Re: Expiring IDP signing certificate

If you google for "replacing IDP cert incommon" you will get some hits to useful documentation but those sites are currently unavailable. As I understand it though, that certificate expiration date is entirely advisory, nothing should break or change when that self-signed certificate expires. The expiration date is merely advising that you should periodically replace the certificate.

Roberto Ullfig - rullfig at uic.edu
Systems Administrator
Enterprise Applications & Services | Technology Solutions
University of Illinois - Chicago

From: users <users-bounces at shibboleth.net> on behalf of Ho, PeiQuan via users <users at shibboleth.net>
Sent: Friday, June 3, 2022 10:51 AM
To: users at shibboleth.net <users at shibboleth.net>
Cc: Ho, PeiQuan <PeiQuan.Ho at tufts.edu>
Subject: Expiring IDP signing certificate


Our IDP signing certificate as used in shibboleth.DefaultSigningCredential is expiring. It is the 10-year self-signed certificate as recommended during installation. What is the process to update/rollover this cert with minimal impact to SPs?


