Skip to topic | Skip to bottom
Home
Federation
Hello TWikiGuest

Create personal sidebar
Federation.WrongCertificater1.1 - 25 Aug 2007 - 13:51 - BrucLiongtopic end
Start of topic | Skip to actions

I've upgraded to level-2 but now my SP doesn't work anymore

First of all...Level-2 federation requires either you have commercial certificates or you use AusCert? certificate for SP's back-end communication.

Common problems are:

  • you use unacceptable certificate (i.e. using level-1 cert for SP registered on level-2)
  • you use certificate signed with wrong purpose 
    openssl x509 -purpose -in /etc/certs/mycert.pem
    • you need client-ssl capable certificate in order for it to communicate to another server (i.e. IdP)
    • most commercial certificate has both client-ssl and server-ssl purposes, however, some will only issue server-ssl (i.e. free IPSCA for education-only cert is server-ssl only)
  • it could be not related to certificate at all, could be simply your registration at the federation is wrong (i.e. have you checked your correct entityId, or modified your shibboleth.xml according to migration path to level-2?)


to top
End of topic
Skip to action links | Back to top

Edit | Attach image or document | Printable version | Raw text | More topic actions
Revisions: | r1.1 | Total page history | Backlinks
You are here: Federation > FrequentlyAskedQuestions > WrongCertificate

to top

Copyright © 1999-2010 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback