[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [saml-dev] Dry Run @ Sun
> To deal with the certificate issues we may need to set up our own local > CA (probably using our CMS product) and this will also mean that the two > dry runs will have different root certs. To deal with this we can either > have the 4 companies from the east make requests of the Sun CA at > Catalyst and then import our root or we can both just import each others > root certs. If there is more to it than that, forgive my stale PKI knowledge. > I found that my local CMS out-of-the-box generated certificates that did not have the SSL Client certificate usage extension set and when I installed one of these certificates for my SAML HTTP client, the iPlanet web server that was hosting my SAML Responder service rejected the certificate for improper use. I had to hack CMS to get it to issue certificates with the SSL Client extension. As far as I know, this is an issue only with CMS and the iPlanet Web Server (but I could be wrong...) If we have obtained certificates from the Baltimore trial CA, could we use those instead? -- Charles
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC