Subject: Re: [saml-dev] Same certificate for https and SAML signing
* Vasu Y <vyal2k@yahoo.com> [2014-03-10 17:51]:
> We already have an (SSL) certificate to make our app available on
> https. Any thoughts (best practice) on using the same key-pair for
> SAML signing and encryption purposes or go with a new one?

That depends on the relying-parties you're intending to federate with,
as well as the trust model. E.g. if you can get by with a self-signed
certificate for securing SAML messages (e.g. following
https://wiki.oasis-open.org/security/SAML2MetadataIOP) -- that's often
preferable since you can then roll over keys on your own terms, instead
of those imposed by the CA -- you'll end up with different key pairs
for TLS/SSL/HTTPS and SAML.

-peter
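Added example, not part of the original message or thread: a check of whether any signing or encryption key published in a deployment's SAML metadata is the same key pair as its TLS certificate. The function names and the script name `check_reuse.py` are hypothetical, and the minimal DER walker assumes well-formed X.509 certificates.

```python
import base64, hashlib, ssl, sys
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

def _tlv(buf, pos):
    """Read the DER element at pos; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def spki_sha256(cert_der):
    """SHA-256 of the SubjectPublicKeyInfo inside a DER X.509 certificate."""
    _, pos, _ = _tlv(cert_der, 0)        # Certificate
    _, pos, _ = _tlv(cert_der, pos)      # tbsCertificate
    tag, _, end = _tlv(cert_der, pos)
    if tag == 0xA0:                      # explicit [0] version, absent in v1
        pos = end
    for _field in range(5):  # serialNumber, signature, issuer, validity, subject
        _, _, pos = _tlv(cert_der, pos)
    _, _, end = _tlv(cert_der, pos)      # subjectPublicKeyInfo
    return hashlib.sha256(cert_der[pos:end]).hexdigest()

def reused_keys(metadata_xml, tls_cert_der):
    """List the KeyDescriptor uses whose public key equals the TLS key."""
    tls_fp = spki_sha256(tls_cert_der)
    hits = []
    for kd in ET.fromstring(metadata_xml).iter(MD + "KeyDescriptor"):
        for cert in kd.iter(DS + "X509Certificate"):
            b64 = "".join((cert.text or "").split())
            # Compare keys, not certificates: one key pair can sit behind
            # both a CA-issued TLS certificate and a self-signed SAML one.
            if b64 and spki_sha256(base64.b64decode(b64)) == tls_fp:
                # no 'use' attribute means signing and encryption
                hits.append(kd.get("use", "signing+encryption"))
    return hits

if __name__ == "__main__" and len(sys.argv) == 3:
    # usage: python check_reuse.py metadata.xml tls-cert.pem  (your own files)
    tls_der = ssl.PEM_cert_to_DER_cert(open(sys.argv[2]).read())
    print(reused_keys(open(sys.argv[1], "rb").read(), tls_der) or "no key reuse")
```

A non-empty result means the SAML key is the TLS key, so it cannot be rolled over independently of the CA-issued certificate.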