Versions Compared

Comment: Removed last bullet point that indicated you need to restart the IdP to regenerate key/certificate pairs

...

  1. Change into the IdP distribution directory, shibboleth-identityprovider-VERSION. This is the directory you created when you installed or last updated the IdP.
  2. Run either ./install.sh renew-cert (on Unix systems) or install.bat renew-cert (on Windows systems).
  3. Respond to the prompts appropriately.
  4. Restart the IdP

The new private key, long lived certificate, and keystore files will be generated with the file name suffix '.new' . Once you're ready to use them - after you have updated in the directory you supplied to the script

To use this key/certificate pair, you must first update the IdP's metadata to include the new certificate and published publish the result - copy them over the existing files that . Then rename the files so they don't have the '.new' suffix, and configure them into your IdP. You will need to restart the Java servlet container for the IdP to pick up the new configuration.

Note

The lifetime of the generated certificate can be changed from the default by setting the environment variable IdPCertLifetime to the number of years lifetime required before you run the script.
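
Review bot: in the paragraph beginning "To use this key/certificate pair", the metadata update and the switch to the new files are given back to back, with nothing about the interval between them. A relying party that has not yet picked up the republished metadata will not have the new certificate when the IdP starts using the new key. Suggest saying to wait until the updated metadata has propagated before renaming the files. Since "Restart the IdP" is dropped from the numbered steps, it would also help to state that the servlet container restart belongs to activating the new pair and is not needed to generate it.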