Which choice is better for a certificate to be used in metadata for SSO? One that changes frequently or one that remains the same over a long duration?

Tags: SSO, Web security

In our SAML SSO setup, we are currently using the Tomcat certificate in the Service Provider metadata for signing and encryption purposes, but since many CAs are providing very short certificate validity (30-60 days), it is getting painful to redo the cumbersome SSO setup on our huge server cluster every time the Tomcat certificate changes. We are coming up with a new solution to use a different certificate that is self-signed and remains valid for years (>5) for the signing and encryption purposes in the SP metadata. Please guide: would that be a good choice from a security point of view?
