edugain-discuss - [eduGAIN-discuss] reference for expired certificate warning

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

  • From: "Zenon Mousmoulas" <zmousm AT noc.grnet.gr>
  • To: edugain-discuss AT lists.geant.org
  • Subject: [eduGAIN-discuss] reference for expired certificate warning
  • Date: Tue, 19 Nov 2019 08:37:27 +0000

Hi,

could someone help with this question:

What is the basis for validator warnings about expired signing/encryption
certificates found in metadata?

It is mentioned in BCP as a low significance condition:

https://wiki.geant.org/display/eduGAIN/Best+Current+Practice

It is also mentioned in SAML2 MetaIOP §2.5.1: "it is RECOMMENDED that
certificates be unexpired" (yet preceded by an explicit statement that this
does not matter).

https://docs.oasis-open.org/security/saml/Post2.0/sstc-metadata-iop.pdf

The former is referenced by eduGAIN SAML Profile §4:

https://github.com/REFEDS/SAML-Profile/blob/master/edugain-saml-profile.md#4-saml-metadata-signing

Is there anything else I am missing?

Cheers,
Z.


