Differences
This shows you the differences between two versions of the page.
en:certificates [2019/07/25 08:42] – Wolfgang Pempe | en:certificates [2019/09/12 11:16] – Silke Meyer | ||
---|---|---|---|
Line 39: | Line 39: | ||
== Letsencrypt == | == Letsencrypt == | ||
We strongly advise against the use of Letsencrypt certificates for SAML-based communication as they expire after 90 days. Every time, you would have to do a manual certificate rollover in the metadata administration tool. The SP configuration has to be adapted twice for a rollover, too. That is why we recommend self-signed certificates with a validity of 3 years. (If you are securing your webserver with Letsencrypt certificates, | We strongly advise against the use of Letsencrypt certificates for SAML-based communication as they expire after 90 days. Every time, you would have to do a manual certificate rollover in the metadata administration tool. The SP configuration has to be adapted twice for a rollover, too. That is why we recommend self-signed certificates with a validity of 3 years. (If you are securing your webserver with Letsencrypt certificates, | ||
- | |||
- | === Certificate rollover === | ||
- | Whenever you switch to a new certificate, | ||
**Next step:** [[en: | **Next step:** [[en: | ||
- | ==== Certificate / Key Rollover ==== | + | ==== Certificate / Key Rollover |
- | For an example | + | |
- | The documentation provided by SWITCH is a bit more detailed: https:// | + | Whenever you switch to a new certificate, |
===== The SSL certificate chain on your webserver ===== | ===== The SSL certificate chain on your webserver ===== |
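Review bot: The removed pointers beginning "For an example" and "The documentation provided by SWITCH is a bit more detailed" have no visible counterpart on the added side of the "Certificate / Key Rollover" section, where only the "Whenever you switch to a new certificate," sentence appears. If the merged paragraph does not carry those references, keep them under the rollover heading, because the Letsencrypt paragraph above argues from the cost of a rollover (a manual step in the metadata administration tool and two SP configuration changes) and readers need somewhere to see that procedure. The rollover guidance also now sits after the "Next step" link, so a reader who follows that link leaves the page before reaching it; consider moving the section above the link or referring to it from the Letsencrypt paragraph.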