Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
en:certificates [2023/02/01 17:42] Wolfgang Pempeen:certificates [2024/08/27 08:23] (current) – [Information for Service Providers] Wolfgang Pempe
Line 15: Line 15:
  
 === DFN-PKI Certificates === === DFN-PKI Certificates ===
-For SAML-based communication, 3-year valid certificates from the [[https://www.pki.dfn.de/dfn-verein-community-pki|DFN-Verein Community PKI]] are recommended. If you are entitled to request certificates issued by DFN-PKI, please select the "Shibboleth IdP SP" profile when submitting your CSR. Upload the server certificate in the metadata administration tool.+For SAML-based communication, 3-year valid certificates from the [[de:dfnpki:dfnvereincommunitypki|DFN-Verein Community PKI]] are recommended. If you are entitled to request certificates issued by DFN-PKI, please select the "Shibboleth IdP SP" profile when submitting your CSR. Upload the server certificate in the metadata administration tool.
  
 \\ \\
Line 43: Line 43:
  
 === Self-signed Certificates === === Self-signed Certificates ===
-Self-signed certificates may be used if they are not valid for longer than 39 months. For production, the CN (or the subject alternative names) of the certificate must at least contain the domain name of the SP. Ideally it should contain the complete host name. As for the technical details, please refer to the online documentation of [[https://www.switch.ch/aai/guides/sp/configuration/#4|SWITCHaai]]. Please note that the period of validity must be set at 3 years or a maximum of 39 months (keygen tool: ''-y 3'', openssl: ''-days 1170''). +Self-signed certificates may be used if they are not valid for longer than 39 months. For production, the CN (or the subject alternative names) of the certificate must at least contain the domain name of the SP. Ideally it should contain the complete host name. As for the technical details, please refer to the online documentation of [[https://www.switch.ch/aai/guides/sp/configuration/#4|SWITCHaai]]. Please note that the period of validity must be set at 3 years or a maximum of 39 months (keygen tool: ''-y 3'', openssl: ''-days 1170''). The key length must be at least 3072 bits
  
 \\ \\
  • Last modified: 2 years ago