Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
en:certificates [2017/12/04 15:51] – [The SSL certificate chain on your webserver] Silke Meyer | en:certificates [2017/12/04 15:58] – Wolfgang Pempe | ||
---|---|---|---|
Line 2: | Line 2: | ||
In the context of SAML-based communication between IdP and SP, certificates are used for purposes of signature validation and encryption. Those certificates must be registered for the respective entity using the [[en: | In the context of SAML-based communication between IdP and SP, certificates are used for purposes of signature validation and encryption. Those certificates must be registered for the respective entity using the [[en: | ||
- | **The general rule is:** Entities with invalid (that is expired or revoked) certificates are automatically removed from the productive DFN-AAI federation! | + | **The general rule is:** Entities with invalid (i.e. expired or revoked) certificates are automatically removed from the productive DFN-AAI federation! |
===== Information for Identity Providers / Attribute Authorities ===== | ===== Information for Identity Providers / Attribute Authorities ===== | ||
Cf. [[de: | Cf. [[de: | ||
===== Information for Service Providers ===== | ===== Information for Service Providers ===== | ||
- | All certificates and the respective private keys used for SAML-based communication have to be add to your SP's configuration, | + | All certificates and the respective private keys used for SAML-based communication have to be added to your SP's configuration, |
==== DFN-PKI Certificates ==== | ==== DFN-PKI Certificates ==== | ||
Line 13: | Line 13: | ||
==== Common Trusted CA Certificates ==== | ==== Common Trusted CA Certificates ==== | ||
- | You can use certificates issued by common Certification Authorities (CAs) that are preinstalled in the most common web browsers (Google Chrome, Firefox, Microsoft Edge). They must not exceed a validity of 39 months. If you get an " | + | You can use certificates issued by common Certification Authorities (CAs) that are preinstalled in the most common web browsers (Google Chrome, Firefox, Microsoft Edge). They must not exceed a validity of 39 months. If you get an " |
**Service Providers that are already registered with another federation, the same certificate (i.e. the one registered with the other federation) may be used even if the aforementioned requirements are not met.** In this case, please drop a note to the DFN-AAI [[mailto: | **Service Providers that are already registered with another federation, the same certificate (i.e. the one registered with the other federation) may be used even if the aforementioned requirements are not met.** In this case, please drop a note to the DFN-AAI [[mailto: | ||