Added information about ca-bundle.crt for origins.
authorndk <ndk@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 22 Sep 2003 05:38:25 +0000 (05:38 +0000)
committerndk <ndk@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 22 Sep 2003 05:38:25 +0000 (05:38 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@762 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

doc/InQueue.html

index 6fcb6a4..2535623 100644 (file)
                                                HEPKI Test CA</a></li>
                                        <li><a href="http://www.cren.net/crenca/">CREN CA</a></li>
                                </ul>
+                               
+                               <p>For origins, OpenSSL must also be configured to use the
+                               appropriate set of trusted roots for the issuance of SSL
+                               certificates that Shibboleth trusts.  For InQueue, this list may
+                               be obtained from <span
+                               class="fixedwidth">http://wayf.internet2.edu/InQueue/ca-bundle.
+                               crt</span>.  This list should then be copied for <span
+                               class="fixedwidth">mod_ssl</span>, which will typically need to
+                               be to <span
+                               class="fixedwidth">/conf/ssl.crt/ca-bundle.crt</span>.  This
+                               list of CA's is <b>not</b> rigorous nor secure and may contain
+                               CA's which have no level of assurance or are questionable.</p>
                        </blockquote>
 
                        <h4>2.4  Attributes</h4>