Skip to Content.
Sympa Menu

metadata-support - Re: [Metadata-Support] Support for multiple certificates in Federation Manager?

Subject: InCommon metadata support

List archive

Re: [Metadata-Support] Support for multiple certificates in Federation Manager?

Chronological Thread 
  • From: Nick Roy <>
  • To: "" <>
  • Subject: Re: [Metadata-Support] Support for multiple certificates in Federation Manager?
  • Date: Fri, 6 Sep 2019 17:51:17 +0000
  • Arc-authentication-results: i=1; 1; spf=pass; dmarc=pass action=none; dkim=pass; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed;; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=rpNmbJ5qztchtfmj0SzmnMVXd+DxjO5IP/MFkvHqEQI=; b=jcnjcideDmyiOwlfLkLJW2HYnSH3cABYhpp8OxidXJe8a8Q9DUQt7qQrYk1oSSUQi4ylMLvPuMEO5mLiHCyA1GWaaS2WGLUFvfxaz4afUV3vptkpecy5ujtYEZSPERWkumLJ4wmlAuiUiBl735jCv3/ctwLTm3+cATBuFyjYALmGqNNUPUBiOn0o8epcU5JIiKxc34EKHuGT5wkjhp+C4oOaOIzBOvdPckiZA6DU4UAJ84hAEWK4Xcil8b8rB40ytk3pxvC9CeH9h98UORuP6sT6LQP6r29WiAb1R9226A2M0V7iUQgvLcpUUgoyVTxTrw7u2SG6BEqvMz1QIAXr3Q==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901;; cv=none; b=e0O0Lh9sLZ9VZOp8/vXxJh1eJfoJUzIRabEaegbt2SAXBgwJJCgibyxAnOJqncCeMNH5mhclRpJ9QF0qHugm+0/F4SR1KQ9fBjmYiUbQ5NniY8Mpx8gMHYx0WtP5Bky3Uot7JK7JdVR+avVIaRv8eVeyzISxuX9ipqptTm7++0HmLnzINKD5Yye5BiHNyNdyOWvj5KvImPjuXo20CWco1KfnCTK6NUVppKwt6h+RwvKEmxH7ODVfeNjg0vzMtn/AfvBFUUEXGwtwJfTi1BgGab9Jf0U3YzAxx8cJ5YwZICxaQrwaHx2c5/iBHHdm092ChoHsSRzaH9eSYQdLNC8tIA==

Hi Jesse,

You have to click "Update" at the top of the SP metadata view page in the FM, then scroll down to Digital Certificates, and you can add a second cert. Just don’t click 'Delete' on the old one, and you’ll get a second one added. You’ll get a counterintuitive warning about changing your existing cert, but you will actually be adding a second cert. We have tested this in our dev environment, and it is working.



On 6 Sep 2019, at 11:22, Nick Roy wrote:


My apologies for the late reply. We are looking into this with our software development team.

Best Regards,

Nick Roy
Director of Technology and Strategy

On 21 Aug 2019, at 10:17, Jesse Banning wrote:


I'm unable to find where to add a second certificate to an SP in FM. I also don't see a process for adding certs in the documentation. When I attempted to add a new cert by updating the SP, I was warned that the new cert would replace the existing one despite leaving the "delete" checkbox unchecked.

I'm sure FM must support multiple certificates in metadata this since that's necessary for certificate roll-over as well as for using different certs for signing and encryption.

Can anyone point me in the right direction (or to specific documentation) for configuring an SP with more than one certificate using Federation Manager?


Jesse Banning
Manager of Platform Integration
O'Reilly Media, Inc. (Boston Office)
(617)499-7575 |

Attachment: signature.asc
Description: OpenPGP digital signature

Archive powered by MHonArc 2.6.19.

Top of Page