mace-opensaml-users - Re: [OpenSAML] certificate management

Subject: OpenSAML user discussion

List archive

Re: [OpenSAML] certificate management

From: Tom Scavo <>
To:
Subject: Re: [OpenSAML] certificate management
Date: Fri, 7 Jan 2011 09:20:56 -0600
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=Rfk2x/nzF+EEetA3jjYKRyN/1/iOYjEdUMAVX5STM0E6XKSIKbqlyNXoCsbNu7z8fr /xkUlA3Kxesk4RTuxYd4q6URnGan3daOmF2SUIGd/XPI8LjBJf56REqXEgT0Sl69btDU b6tAVq/Xc8jFXQsj2PsUQT06p2yWt1CzM5/f8=

On Fri, Jan 7, 2011 at 7:18 AM, Chad La Joie
<>
wrote:
>
> In terms of key rollover we just put both keys in the metadata for a period
> of time and then pull the old one when we think everyone has had enough time
> to get the new metadata.

Chris, if you want more information about key rollover, this page might help:

https://spaces.internet2.edu/x/vAEFAQ

Cheers,
Tom

RE: [OpenSAML] signing performance, (continued)

List archive

Re: [OpenSAML] certificate management