they asked us to send them our new certificate. No idea why they don't
just do what most other SPs do and extract it from the incoming SAML.
So there's bound to be downtime while an IdP changes its cert and OUP
cache the new one.
On 4 Feb 2009, at 09:40, Jon Warbrick wrote:
> On Wed, 4 Feb 2009, Nicole HARRIS wrote:
>> Not heard of the certificate issue before - would be interested to
>> talk about that more if you want to contact me off list.
> Both Eduserv (for the Shib->Athens gateway) and OUP have asked us to
> supply a copy of our certificate.
> It seems common to use X509 certificates as a convenient container
> for transporting public keys. In this usage, it seems common to
> ignore other data in the certificate. This includes the expiry date
> so it _may_ not be necessary to supply a new certificate if the only
> reason for renewal is that it's expired. It will be a different
> matter if the certificate needs to be replaced because the
> corresponding key has been compromised or replaced for some other
> Jon Warbrick
> Web/News Development, Computing Service, University of Cambridge