Page tree
Skip to end of metadata
Go to start of metadata

Edit to add the new metadata URL:

# Default: haka = =

Examine the new metadata signing certificate from

Edit metadata-trust.xmlreplace certificate and CRL.

That was determined by examining the certificate using

    openssl openssl.exe x509 -in virtu-metadata-cert-2019.pem -text -noout

and examining the X509v3 CRL Distribution Points: Full Name: field.

The issuer of the certificate has changed

openssl.exe x509 -in c:\tmp\virtu-metadata-cert-2019-pem.txt -text -noout

WARNING: can't open config file: /apache24/conf/openssl.cnf



       Version: 3 (0x2)

       Serial Number: 203867023 (0xc26c38f)

   Signature Algorithm: sha256WithRSAEncryption

       Issuer: C=FI, O=Vaestorekisterikeskus CA, OU=Palveluvarmenteet, CN=VRK C for Service Providers - G3


           Not Before: May 26 21:00:00 2019 GMT

           Not After : May 26 20:59:59 2021 GMT

       Subject: C=FI, ST=Finland, L=Espoo, O=CSC - Tieteellinen laskenta Oy, CN

    Subject Public Key Info:

        Public Key Algorithm: rsaEncryption

            Public-Key: (2048 bit)

The issuer root certificate needs to be updated.

The trusted source is

The root certificate in PEM format is VRK CA for Service Providers - G3

Open the file in Windows Certificate viewer, export the certificate as a PEM, remove the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, and paste the PEM into the file metadata-trust.xml .

The SSL certificate is the same for

and, so ssl-trust.xml needs no changes. Both expire on Wednesday, October 23, 2019. Issued by TERENA.