Federation.CertificateIssues r1.3 - 10 Dec 2007 - 01:17 - PeterHS


SP Certificate is valid but IdP keeps rejecting it

Things to check:

  • Make sure the IdP's port 8443 is configured with optional_no_ca.
  • Make sure port 8443 has SSLVerifyDepth 10; otherwise the CA may not get validated.
  • Either the CA or the SP certificate has to be registered in the metadata.
  • The SP certificate has to have the client-ssl purpose on it; the server-ssl purpose alone is not sufficient! (Refer to checking cert purpose.)

One good way to check the certificate presented by a host/port is to use openssl s_client:

openssl s_client -connect hostname:port
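
The client-ssl purpose item in the checklist above can be verified locally with openssl x509 -purpose. The following is an added example, not part of the original FAQ; the function names, the sp.example.org subject and the throwaway self-signed certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original FAQ): check certificate purposes.
# All names and sample certificates below are constructed for illustration.

# Returns 0 if OpenSSL reports "SSL client : Yes" for the PEM file in $1.
has_ssl_client_purpose() {
    openssl x509 -in "$1" -noout -purpose 2>/dev/null |
        grep -q '^SSL client : Yes'
}

# Returns 0 if OpenSSL reports "SSL server : Yes" for the PEM file in $1.
has_ssl_server_purpose() {
    openssl x509 -in "$1" -noout -purpose 2>/dev/null |
        grep -q '^SSL server : Yes'
}

# Constructed sample input: a throwaway self-signed certificate.
# $1 = output path without extension, $2 = extendedKeyUsage value.
make_constructed_cert() {
    cat > "$1.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = sp.example.org
[ext]
extendedKeyUsage = $2
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1.cnf" \
        -extensions ext -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

WORKDIR=$(mktemp -d)
make_constructed_cert "$WORKDIR/server-only" "serverAuth"
make_constructed_cert "$WORKDIR/client-server" "clientAuth, serverAuth"

for cert in "$WORKDIR/server-only.pem" "$WORKDIR/client-server.pem"; do
    if has_ssl_client_purpose "$cert"; then
        echo "$cert: has the SSL client purpose"
    else
        echo "$cert: no SSL client purpose (server-ssl alone is not sufficient)"
    fi
done
```

To check a real SP certificate, call has_ssl_client_purpose with the path to its PEM file.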

