Switching Cert on IDP


babiko
This post was updated on .
I've been told that the wildcard cert we use uses SHA-1 and will be deprecated soon. (Our cert vendor says this will throw up warnings, not necessarily stop things.) I was also told that this wouldn't affect the credentials and metadata in Shibboleth since it uses a different cert. I don't know much about the certs and credentials on the server - it was set up by another vendor. From what I can tell it uses the 3rd party wildcard cert we use everywhere. I don't see a self-signed cert.

Am I headed for trouble with this come the start of the year? I have no/little experience setting up the cert files on a Windows server with Tomcat Apache. That might be handled by our network people but I'm not sure where I'm headed with all the configuration for Shibboleth.

Thoughts?

Thanks,
Bill


More info: We are using the CA wildcard cert for the credentials and metadata in Shibboleth. I went back on my notes to see why we didn't use the self-signed cert created by the install, but swapped it out for the one created from the CA cert. I was following instructions to set up Office 365 for federated authority with Shibboleth. The YouTube video series was by Mauro Minella (Office365 and Shibboleth Federation). I'm not sure if this was done for ECP.

I was told that this probably wouldn't affect authentication since the communication doesn't care about SHA-1.  I asked Microsoft about the effect on Office 365 but they didn't seem to know.  Still a bit worried.  -Bill