Differences
This shows you the differences between two versions of the page.
en:certificates [2022/12/01 15:32] – Wolfgang Pempe | en:certificates [2023/01/06 14:31] – Wolfgang Pempe | ||
---|---|---|---|
Line 11: | Line 11: | ||
==== Information for Service Providers ==== | ==== Information for Service Providers ==== | ||
All certificates and the respective private keys used for SAML-based communication have to be added to your SP's configuration, | All certificates and the respective private keys used for SAML-based communication have to be added to your SP's configuration, | ||
+ | |||
+ | \\ | ||
=== DFN-PKI Certificates === | === DFN-PKI Certificates === | ||
For SAML-based communication, | For SAML-based communication, | ||
+ | |||
+ | \\ | ||
=== Common Trusted CA Certificates === | === Common Trusted CA Certificates === | ||
You can use certificates issued by common Certification Authorities (CAs) that are preinstalled in the most common web browsers (Google Chrome, Firefox, Microsoft Edge). If you get an " | You can use certificates issued by common Certification Authorities (CAs) that are preinstalled in the most common web browsers (Google Chrome, Firefox, Microsoft Edge). If you get an " | ||
+ | |||
+ | \\ | ||
=== Own/Local CA === | === Own/Local CA === | ||
- | For institutions/ | + | For certificates from a local CA the same rules apply as for self-signed |
- | **Note:** If required, local CAs can also be hosted by the DFN-PCA (contact: https://www.pki.dfn.de/ | + | |
- | **Important: | + | \\ |
- | A good guide to operating your own CA can be found [[https:// | + | |
- | Parameters to be considered: | + | |
- | * Root Private Key: RSA, 4096 Bit | + | |
- | * Validity of the root certificate: | + | |
- | * Validity of the issued certificates: | + | |
- | * Key length of the issued certificates: | + | |
- | * Signature algorithm: sha256 | + | |
- | * The CN of the issued certificate corresponds to the FQDN of the respective IdP/SP host. | + | |
=== Self-signed Certificates === | === Self-signed Certificates === |
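
Review bot: The new text under "Own/Local CA" drops the entire "Parameters to be considered" list (root private key RSA 4096 bit, validity of root and issued certificates, key length of issued certificates, signature algorithm sha256, CN equal to the FQDN of the IdP/SP host) and defers to the self-signed rules instead. The visible context ends at the "Self-signed Certificates" heading, so it cannot be confirmed from this diff that the self-signed section states equivalent requirements. Please check that it covers key length, signature algorithm, validity and the CN/FQDN match, or keep a short parameter list in this section. The removed note that local CAs can also be hosted by the DFN-PCA disappears without a replacement pointer; if that option still exists, retain one sentence for it. As a style point, the added "\\" lines before each heading are forced line breaks used only for vertical spacing, which is better left to the wiki's heading styles.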