Expiring IDP signing certificate

Cantor, Scott cantor.2 at osu.edu
Thu Jun 9 12:45:26 UTC 2022

On 6/8/22, 5:08 PM, "users on behalf of Ullfig, Roberto Alfredo via users" <users-bounces at shibboleth.net on behalf of users at shibboleth.net> wrote:

>    I don't think this was mentioned but you can configure the Shibboleth IDP to support more than one signing
> private key - basing the key off of the relying party. We had to do this for one of our service providers that was
> having difficulty updating the public certificate. That SP continued to use the expired private key for a week or
> so.

I posted an example of the best way to deal with all this in the wiki last week.


-- Scott

More information about the users mailing list