Skip to Content.
Sympa Menu

metadata-support - Re: [Metadata-Support] Expired certificate in our metadata file

Subject: InCommon metadata support

List archive

Re: [Metadata-Support] Expired certificate in our metadata file

Chronological Thread 
  • From: Mike Flynn <>
  • To:
  • Subject: Re: [Metadata-Support] Expired certificate in our metadata file
  • Date: Fri, 5 Aug 2016 13:53:11 -0700
  • Authentication-results: x-tls.subject="/C=US/ST=California/L=Mountain View/O=Google Inc/"; auth=pass (cipher=ECDHE-RSA-AES128-GCM-SHA256)
  • Authentication-results:; iprev=pass policy.iprev="2607:f8b0:4001:c0b::246"; spf=softfail smtp.mailfrom="" smtp.helo=""; dkim=pass; tls=pass (verified) key.ciphersuite="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" key.length="128" tls.v="tlsv1.2" cert.client="C=US,ST=California,L=Mountain View,O=Google Inc," cert.clientissuer="C=US,O=Google Inc,CN=Google Internet Authority G2"

ADFS does not like multiple certs in metadata either.  For IDPs using ADFS, I give them metadata with one cert.  Can you generate metadata to a file and edit out the other certs and give that to eduCause?

On Fri, Aug 5, 2016 at 1:48 PM, <> wrote:
Hello, ListServ.

I am new to this group, having just inherited responsibility for a Shibboleth
IdP installation from a former coworker at the University of South Carolina.

I am currently looking into a problem regarding an expired certificate in our
metadata. Per our previous administrator, its presence is necessary due to
multiple SPs referencing it, and removing it will be a concerted effort. He
stated that the fact that it is expired shouldn't matter, unless an SP is
explicitly configured not to accept it, and that is the situation in which we
now find ourselves with Educause.

We have a non-expired certificate in our metadata, but Educause is referencing
the expired one and not accepting it. Is there a way that we can make our
non-expired one the preferred or default one, so that unless an SP explicitly
requests to use a different one, we use that one?

I appreciate any guidance or words of wisdom.

Payne Seal

Mike Flynn


Archive powered by MHonArc 2.6.19.

Top of Page