2 Replies Latest reply on Sep 3, 2014 4:03 AM by moje2920

Is it possible to have two x.509 certificates for one domain

moje2920 Aug 11, 2014 5:22 AM

Hi everyone,

I am currently working on a Idp project. There are two SPs in the same domain , but these two SPs are using different X.509 certificates. Is it possible for picketlink to allow it?

For example, first SP with issuer domain : www.abc.com/sp1 and another is www.abc.com/sp2, but they are using different X.509 certificate. Does Picketlink support this scenario?

Thanks,

1. Re: Is it possible to have two x.509 certificates for one domain

pcraveiro Aug 14, 2014 8:28 PM (in response to moje2920)

Hey Lg chen,

Yes, as long as your IdP is trusting the certificates from both SPs.

Regards.
Actions
2. Re: Is it possible to have two x.509 certificates for one domain

moje2920 Sep 3, 2014 4:03 AM (in response to pcraveiro)

Hi Pedro,

However, it didn't really work with the following setting. Could you advise if there's any other setting we might need in order to realize it?

<ValidatingAlias Key="localhost" Value="T_SAML_Digital_Sig" />
<ValidatingAlias Key="www.abc.com/sp1" Value="key1_cp_x509" />
<ValidatingAlias Key="www.abc.com/sp2" Value="key2_cp_x509" />

Thanks,
LG
Actions

Go to original post