Service Provider Key Rollover
For more information on Certificate Migration (Key Rollover), review the Certificate Migration page.
- Complete Step 4 - Create/Rollover Certificate and Key Files.
- Review the Key Rollover section and complete all applicable steps using the files from step 1.
- Restart the web server and SAML software for changes to take effect.
- Do one of the following:
- Delegated Administrators: log in to the Federation Manager and update your SPs directly.
- Everyone else: Submit your new certificate to the Shibboleth Team with the following details:
Mail to: shibboleth-team@andrew.cmu.edu
Subject: Certificate Rollover Request
Body: Include the following in the message body:
- SP Host Name - This name should be the fully qualified DNS name that your audience will use to access your web service.
- Copy contents of the sp-cert.pem file into the body of the message.
Note: You will be contacted once the certificate rollover request is complete.
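A check to run on sp-cert.pem before uploading or e-mailing it, added here as an example and not part of the original page or the Shibboleth Team's tooling. It refuses a file that contains private key material, confirms the certificate matches the new private key, and prints the SHA-256 fingerprint for your records. The function name check_rollover_cert and the key file name sp-key.pem are assumptions; only sp-cert.pem is named on this page.

```shell
#!/bin/sh
# Added example: pre-submission checks for a rolled-over SP certificate.
# Assumed names (not from the page): check_rollover_cert, sp-key.pem.
# Requires the openssl command-line tool.

# Usage: check_rollover_cert <cert.pem> <key.pem>
# Prints the certificate's SHA-256 fingerprint on success; returns non-zero on failure.
check_rollover_cert() {
    cert=$1
    key=$2

    # 1. The file pasted into the e-mail must hold one certificate and nothing else.
    if grep -q 'PRIVATE KEY-----' "$cert"; then
        echo "refusing: $cert contains private key material" >&2
        return 1
    fi
    if [ "$(grep -c '^-----BEGIN CERTIFICATE-----' "$cert")" -ne 1 ]; then
        echo "refusing: $cert must contain exactly one certificate" >&2
        return 1
    fi

    # 2. The certificate must carry the public half of the new private key.
    #    Both commands emit the same PEM public key format, so the text is compared.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "refusing: cannot parse certificate $cert" >&2
        return 1
    }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "refusing: cannot read private key $key" >&2
        return 1
    }
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "refusing: $cert does not match $key" >&2
        return 1
    fi

    # 3. The certificate must not already be expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "refusing: $cert has expired" >&2
        return 1
    fi

    # Fingerprint of the certificate that is about to be submitted.
    openssl x509 -in "$cert" -noout -fingerprint -sha256 | cut -d= -f2
}
```

Source the file and run `check_rollover_cert sp-cert.pem sp-key.pem` from the directory that holds the new files.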
Completion of Process
Delegated Administrators
In 3-4 business days, complete the Key Rollover process:
- Remove your old key from InCommon.
- Remove your old key from your local SP configuration.
- Restart the web server and SAML software for changes to take effect.
Everyone else
- The Shibboleth Team will notify you when your old key has been removed from InCommon within 3-4 business days.
Note: Do not proceed until you are notified.
- Remove the old key from your local SP configuration.
- Restart the web server and SAML software for changes to take effect.