Thanks Rod. It seems to accept self signed certs ok. I think it may be
a missing intermediary, so sticking to self signed, or real certs is
fine. Strange thing is, it goes through the attribute gathering
process after it barfs. Well, it sends an unknown_ca barf back to the
SP but continues with the attribute process. In the meantime, the SP
just gives up due to the ssl barf. So going by the testshib logs,
"something" at the IdP sends back unknown_ca, while the AA itself is
happy enough to keep going and respond with attributes.
On 30 Aug 2009, at 15:34, Rod Widdowson wrote:
> AFAIK it accepts anything - but the cert *has* to be embedded.
> If in doubt the logs will tell you what it is whining about...
> ----- Original Message -----
> From: "Alistair Young" <[log in to unmask]>
> To: <[log in to unmask]>
> Sent: Sunday, August 30, 2009 7:29 AM
> Subject: testshib certs
>> sorry, me again!
>> does testshib accept any old cert for a secure AA connection from
>> an SP? It seems to reject self signed certs or certs from certain
>> CAs. Cybertrust is fine. Just wondering if it has the same rules
>> as fed metadata.
>> mov eax,1
>> mov ebx,0
>> int 80h