Differences
This shows you the differences between two versions of the page.
en:certificates [2019/07/24 12:53] – [Information for Service Providers] Wolfgang Pempe | en:certificates [2019/07/25 08:42] – Wolfgang Pempe | ||
---|---|---|---|
Line 10: | Line 10: | ||
==== Information for Service Providers ==== | ==== Information for Service Providers ==== | ||
- | All certificates and the respective private keys used for SAML-based communication have to be added to your SP's configuration, | + | All certificates and the respective private keys used for SAML-based communication have to be added to your SP's configuration, |
=== DFN-PKI Certificates === | === DFN-PKI Certificates === | ||
Line 17: | Line 17: | ||
=== Common Trusted CA Certificates === | === Common Trusted CA Certificates === | ||
- | You can use certificates issued by common Certification Authorities (CAs) that are preinstalled in the most common web browsers (Google Chrome, Firefox, Microsoft Edge). They must not exceed a validity of 39 months. If you get an " | + | You can use certificates issued by common Certification Authorities (CAs) that are preinstalled in the most common web browsers (Google Chrome, Firefox, Microsoft Edge). They must not exceed a validity of 39 months. If you get an " |
=== Self-signed Certificates === | === Self-signed Certificates === | ||
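Review bot: The acceptance rule in the changed paragraph under "Common Trusted CA Certificates" names three browsers (Google Chrome, Firefox, Microsoft Edge) but no trust store or root program, so a service provider cannot tell from this line alone whether a given CA qualifies. Suggest stating which trust list is authoritative, or how to check a CA against it, so that this rule is as testable as the 39-month validity limit stated next to it.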
Line 27: | Line 27: | ||
$ openssl x509 -noout -fingerprint -sha256 -in self-signed-server-cert.pem | $ openssl x509 -noout -fingerprint -sha256 -in self-signed-server-cert.pem | ||
</ | </ | ||
- | * As a third option, you can send us the certificate in an S/ | + | * As a third option, you can send us the certificate in an S/ |
<callout type=" | <callout type=" | ||
Line 44: | Line 44: | ||
**Next step:** [[en: | **Next step:** [[en: | ||
+ | |||
+ | ==== Certificate / Key Rollover ==== | ||
+ | For an example of a key rollover procedure please refer to the [[https:// | ||
+ | The documentation provided by SWITCH is a bit more detailed: https:// | ||
===== The SSL certificate chain on your webserver ===== | ===== The SSL certificate chain on your webserver ===== |
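Review bot: The added "Certificate / Key Rollover" section sits after the "**Next step:**" pointer, so a reader who follows that link leaves the page before reaching it; moving the section above "Next step" would keep it in the reading path. The two references are also formatted differently (the first uses [[...]] link syntax, the second is a bare URL), and the section only points to external documentation, so a one-sentence outline of the rollover on this page would keep it useful if either link moves.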