Differences
en:certificates [2019/07/25 08:43] – [Certificate / Key Rollover] Wolfgang Pempe | en:certificates [2021/01/27 10:09] – Wolfgang Pempe | ||
---|---|---|---|
Line 17: | Line 17: | ||
=== Common Trusted CA Certificates === | === Common Trusted CA Certificates === | ||
- | You can use certificates issued by common Certification Authorities (CAs) that are preinstalled in the most common web browsers (Google Chrome, Firefox, Microsoft Edge). They must not exceed a validity of 39 months. If you get an " | + | You can use certificates issued by common Certification Authorities (CAs) that are preinstalled in the most common web browsers (Google Chrome, Firefox, Microsoft Edge). If you get an " |
=== Self-signed Certificates === | === Self-signed Certificates === | ||
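Review bot: dropping the sentence "They must not exceed a validity of 39 months." from the Common Trusted CA Certificates paragraph leaves the reader with no stated maximum validity for CA-issued certificates at all; if the 39-month figure is simply outdated, replace it with the limit that now applies (or a pointer to where it is defined) rather than deleting it, and if no limit matters for SAML signing certificates any more, say so explicitly so operators do not keep applying the old rule.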
Line 39: | Line 39: | ||
== Letsencrypt == | == Letsencrypt == | ||
We strongly advise against the use of Letsencrypt certificates for SAML-based communication as they expire after 90 days. Every time, you would have to do a manual certificate rollover in the metadata administration tool. The SP configuration has to be adapted twice for a rollover, too. That is why we recommend self-signed certificates with a validity of 3 years. (If you are securing your webserver with Letsencrypt certificates, | We strongly advise against the use of Letsencrypt certificates for SAML-based communication as they expire after 90 days. Every time, you would have to do a manual certificate rollover in the metadata administration tool. The SP configuration has to be adapted twice for a rollover, too. That is why we recommend self-signed certificates with a validity of 3 years. (If you are securing your webserver with Letsencrypt certificates, | ||
- | |||
- | === Certificate rollover === | ||
- | Whenever you switch to a new certificate, | ||
**Next step:** [[en: | **Next step:** [[en: | ||
==== Certificate / Key Rollover (SP) ==== | ==== Certificate / Key Rollover (SP) ==== | ||
- | For an example | + | |
- | The documentation provided by SWITCH is a bit more detailed: https:// | + | Whenever you switch to a new certificate, |
===== The SSL certificate chain on your webserver ===== | ===== The SSL certificate chain on your webserver ===== |
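Review bot: moving the "Certificate rollover" text from under "Letsencrypt" into "Certificate / Key Rollover (SP)" is the right place for it, but the hunk also removes the lines "For an example" and "The documentation provided by SWITCH is a bit more detailed: https://", which were the only external reference for the rollover procedure; either keep the SWITCH link or state in the new paragraph where the detailed procedure now lives. Note also that the "**Next step:**" link still precedes the rollover section in both revisions, so a reader following the page top to bottom is sent onward before reaching the rollover guidance; consider placing the "Next step" link after the rollover section.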