
The Shibboleth 2.x software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP4 and SP3 wiki spaces for current documentation on the supported versions.


Regenerating Key/Certificate Pairs

IdP versions 2.3 and later

This will overwrite the key/certificate pair that your IdP uses. This means that when you restart the IdP it will not be able to communicate with SPs until they update their metadata to reflect this change.


If you need to regenerate the key material that your IdP uses to communicate with other SPs (for instance because of key compromise or Federation Operator's restrictions), you can do so by using a variant of the installation script.

  1. Change into the IdP distribution directory, shibboleth-identityprovider-VERSION. This is the directory you created when you last installed or updated the IdP.
  2. Run either ./ renew-cert (on Unix systems) or install.bat renew-cert (on Windows systems).
  3. Respond to the prompts appropriately.
  4. Restart the IdP.

The old key material will be saved in files ending in .bak.version.

You can change the lifetime of the self-signed certificate by setting the environment variable IdPCertLifetime to the required lifetime in years.
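
Because SPs cannot talk to the restarted IdP until their metadata reflects the change, it helps to confirm that a given metadata document actually carries the regenerated certificate. The check below is an added example, not part of the original Shibboleth documentation: it compares the SHA-256 fingerprint of a PEM certificate with every `ds:X509Certificate` in a SAML metadata document. The sample certificate bytes and the entityID are constructed stand-ins, and the location of the real certificate and metadata files is not given on this page.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_to_der(pem_text):
    """Return the DER bytes of the first certificate in a PEM file."""
    match = PEM_RE.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(match.group(1).split()))

def metadata_fingerprints(metadata_xml):
    """SHA-256 fingerprints of every ds:X509Certificate in the metadata."""
    root = ET.fromstring(metadata_xml)
    prints = set()
    for node in root.iter("{%s}X509Certificate" % DS_NS):
        der = base64.b64decode("".join((node.text or "").split()))
        prints.add(hashlib.sha256(der).hexdigest())
    return prints

def metadata_matches_cert(pem_text, metadata_xml):
    """True if the metadata publishes exactly this certificate."""
    wanted = hashlib.sha256(pem_to_der(pem_text)).hexdigest()
    return wanted in metadata_fingerprints(metadata_xml)

# --- constructed sample data: stand-in bytes, not real X.509 certificates ---
OLD_DER = b"constructed-old-idp-certificate"
NEW_DER = b"constructed-new-idp-certificate"

def as_pem(der):
    body = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def as_metadata(der):
    # Minimal SAML metadata skeleton; the entityID is a placeholder.
    cert = base64.b64encode(der).decode()
    return (
        '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
        f'xmlns:ds="{DS_NS}" entityID="https://idp.example.org/placeholder">'
        '<IDPSSODescriptor><KeyDescriptor><ds:KeyInfo><ds:X509Data>'
        f'<ds:X509Certificate>{cert}</ds:X509Certificate>'
        '</ds:X509Data></ds:KeyInfo></KeyDescriptor></IDPSSODescriptor>'
        '</EntityDescriptor>')

if __name__ == "__main__":
    print("stale:", metadata_matches_cert(as_pem(NEW_DER), as_metadata(OLD_DER)))
    print("updated:", metadata_matches_cert(as_pem(NEW_DER), as_metadata(NEW_DER)))
```

Run the same comparison against the metadata copy each SP or federation actually consumes, since a match in your local file says nothing about what has been published.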
