Edit update.properties to add the new metadata URL:
# Default: haka = http://haka.funet.fi/fed/haka-metadata.xml com.ubisecure.ubilogin.tools.metadata.url = https://virtu-ds.csc.fi/fed/virtu/virtu-metadata-v5.xml |
Examine the new metadata signing certificate from
Edit metadata-trust.xml; replace certificate and CRL.
That was determined by examining the certificate using
openssl openssl.exe x509 -in virtu-metadata-cert-2019.pem -text -noout
and examining the X509v3 CRL Distribution Points: Full Name: field.
The issuer of the certificate has changed
openssl.exe x509 -in c:\tmp\virtu-metadata-cert-2019-pem.txt -text -noout
WARNING: can't open config file: /apache24/conf/openssl.cnf
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 203867023 (0xc26c38f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=FI, O=Vaestorekisterikeskus CA, OU=Palveluvarmenteet, CN=VRK C for Service Providers - G3
Validity
Not Before: May 26 21:00:00 2019 GMT
Not After : May 26 20:59:59 2021 GMT
Subject: C=FI, ST=Finland, L=Espoo, O=CSC - Tieteellinen laskenta Oy, CN
virtu-sign.csc.fi
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
The issuer root certificate needs to be updated.
The trusted source is https://vrk.fi/ca-varmenteet
The root certificate in PEM format is VRK CA for Service Providers - G3
http://vrk.fineid.fi/certs/vrksp3.crt
Open the file in Windows Certificate viewer, export the certificate as a PEM, remove the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, and paste the PEM into the file metadata-trust.xml .
The SSL certificate is the same for https://virtu-ds.csc.fi/fed/virtu/virtu-metadata-v4.xml
and
https://virtu-ds.csc.fi/fed/virtu/virtu-metadata-v5.xml, so ssl-trust.xml needs no changes. Both expire on Wednesday, October 23, 2019. Issued by TERENA.
Related articles appear here based on the labels you select. Click to edit the macro and add or change labels.
|