Differences

This shows you the differences between two versions of the page.

--- en:certificates [2021/10/20 12:02] – [Information for Service Providers] changed color to DFN CD Silke Meyer
+++ en:certificates [2022/11/29 17:05] – Wolfgang Pempe
@@ Line 13: / Line 13: @@
 === DFN-PKI Certificates ===
-For general information, please refer to https://www.pki.dfn.de/dfn-aai-zertifikate/ \\
+For SAML-based communication, 3-year valid certificates from the [[https://www.pki.dfn.de/dfn-verein-community-pki|DFN-Verein Community PKI]] are recommended. If you are entitled to request certificates issued by DFN-PKI, please select the "Shibboleth IdP SP" profile when submitting your CSR. Upload the server certificate in the metadata administration tool.
-If you are entitled to request certificates issued by DFN-PKI, please select the "Shibboleth IdP SP" profile when submitting your CSR. Upload the server certificate in the metadata administration tool.
 === Common Trusted CA Certificates ===
@@ Line 89: / Line 88: @@
 If there is another intermediate certificate, compare the above issuer hash with its hash and so on. Like this, you crawl up to the root certificate step by step.
-If you use the Apache webserver, point the SSLCACertificateFile directive to your chain file. (See the example configuration on [[de:shibidp3prepare-http#konfiguration|IdP Preparations: HTTPServer]] resp. [[de:shibsp#konfigurationsbeispiel|Shibboleth SP configuration example]]).
+If you use the Apache webserver, point the SSLCACertificateFile directive to your chain file. (See the example configuration on [[de:shibidp:prepare-http#vhost-konfiguration|IdP Preparations: Webserver]] (de) resp. [[de:shibsp#konfigurationsbeispiel|Shibboleth SP configuration example]]).
 Once you have added you certificate chain, adapted your configuration and activated it you can verify it with OpenSSL: