Skip to Content.
Sympa Menu

inc-ops-notifications - Re: Expiration and Renewal: InCommon Metadata Signing Cert

Subject: InCommon Operations Notifications

List archive

Re: Expiration and Renewal: InCommon Metadata Signing Cert


Chronological Thread 
  • From: John Krienke <>
  • To: InCommon Operations Notifications <>
  • Subject: Re: Expiration and Renewal: InCommon Metadata Signing Cert
  • Date: Wed, 02 Jun 2010 15:29:20 -0400
  • Organization: Internet2
The metadata signing certificate has been renewed per the test and transition plan outlined below.

The old cert is archived at
https://wayf.incommonfederation.org/bridge/certs/incommon-exp_2010-06-21.pem

The new cert is at
https://wayf.incommonfederation.org/bridge/certs/incommon.pem

regards,

john.



On 5/24/10 9:28 AM, John Krienke wrote:
The InCommon Metadata Signing Cert EXPIRES JUNE 21st.

The new cert is available for 1 week of testing in the following location.
https://wayf.incommonfederation.org/bridge/certs/incommon-test.pem

After one week of testing, it will replace the expiring cert in the
production location:
https://wayf.incommonfederation.org/bridge/certs/incommon.pem

At that time, the expiring cert will be moved to the following location:
https://wayf.incommonfederation.org/bridge/certs/incommon-exp_2010-06-21.pem


-------------------
WHAT YOU SHOULD DO
-------------------

Download the new cert at the test link above. If the cert validates both
the Current and Test Metadata, then start using the New cert right away.

------------------
1 WEEK OF TESTING
------------------

Testing will occur from Tuesday MAY 25th through Tuesday JUNE 1st.
* The current (expiring in June) metadata signing Cert will be available
in the production location.
o Production Location:
https://wayf.incommonfederation.org/bridge/certs/incommon.pem
* We will publish metadata signed by old and new certs:
* Metadata locations:
o http://wayf.incommonfederation.org/InCommon/InCommon-metadata.xml
o http://wayf.incommonfederation.org/InCommon/InCommon-metadata-test.xml
* We will produce a prod-test diff between the metadata files and post
it to the metadata-diff email list and archive
* We will also test with a very old, already-expired cert with the same
key (March 2005), validating the test Metadata, in order to forecast
problems that may occur. None are expected as we had no problems with
certificate renewal 2 years ago. We've already successfully tested with
our Internet2 IdP and found no problems with validating the metadata.

- InCommon Operations.


  • Re: Expiration and Renewal: InCommon Metadata Signing Cert, John Krienke, 06/02/2010

Archive powered by MHonArc 2.6.16.

Top of Page