>>> On 12/03/2008 at 09:28, in message
<[log in to unmask]>, Heather Peake
<[log in to unmask]> wrote:
> Hello
> I've got an SSL certificate and I'm worried that it isn't the right kind,
> mainly because the file extension that it has is .pem
> If I go ahead and use it and register my IDP on the UK Federation with it
> what happens if it is the wrong kind of certificate?
> Will I bring everything to it's knees? Will I get some sort of warning
> message? Will I just fail to be able to access anything and be sat
> scratching my head as to what could be wrong?
Ignore the scare stories - it's all very simple. If I can get it working first time it must be!
Here's a snippet from my idp.xml:
<FileResolver Id="ukfederationCred">
<Key>
<Path>file:/usr/local/apache2/conf/idp1.key</Path>
</Key>
<Certificate>
<Path>file:/usr/local/apache2/conf/idp1.pem</Path>
<CAPath>file:/usr/local/apache2/conf/sureserverEDU.crt</CAPath>
</Certificate>
</FileResolver>
Don't worry about the fact its called a pem - like Ian says they just don't seem able to make up their minds as to what extension to use.
You do need the key as well of course. And you need to download sureserverEDU.crt (it's a JANET SCS cert isn't it?) to add that to make the chain. There will have been a link to that in the email you received if I remember rightly.
Cheers
Andy
--
|