On Wed, 4 Feb 2009, Nicole HARRIS wrote:
> Not heard of the certificate issue before - would be interested to talk
> about that more if you want to contact me off list.
Both Eduserv (for the Shib->Athens gateway) and OUP have asked us to
supply a copy of our certificate.
It seems common to use X509 certificates as a convenient container for
transporting public keys. In this usage, it seems common to ignore other
data in the certificate. This includes the expiry date so it _may_ not be
necessary to supply a new certificate if the only reason for renewal is
that it's expired. It will be a different matter if the certificate needs
to be replaced because the corresponding key has been compromised or
replaced for some other reason...
Jon.
--
Jon Warbrick
Web/News Development, Computing Service, University of Cambridge
|