Page tree
Skip to end of metadata
Go to start of metadata


Edit update.properties to add the new metadata URL:

# Default: haka = http://haka.funet.fi/fed/haka-metadata.xml
com.ubisecure.ubilogin.tools.metadata.url = https://virtu-ds.csc.fi/fed/virtu/virtu-metadata-v5.xml


Examine the new metadata signing certificate from

https://wiki.eduuni.fi/download/attachments/28345571/virtu-metadata-signing-crt2019.pem?version=1&modificationDate=1559034400020&api=v2


Edit metadata-trust.xmlreplace certificate and CRL.

That was determined by examining the certificate using

    openssl openssl.exe x509 -in virtu-metadata-cert-2019.pem -text -noout

and examining the X509v3 CRL Distribution Points: Full Name: field.


The issuer of the certificate has changed

openssl.exe x509 -in c:\tmp\virtu-metadata-cert-2019-pem.txt -text -noout

WARNING: can't open config file: /apache24/conf/openssl.cnf

Certificate:

   Data:

       Version: 3 (0x2)

       Serial Number: 203867023 (0xc26c38f)

   Signature Algorithm: sha256WithRSAEncryption

       Issuer: C=FI, O=Vaestorekisterikeskus CA, OU=Palveluvarmenteet, CN=VRK C for Service Providers - G3

       Validity

           Not Before: May 26 21:00:00 2019 GMT

           Not After : May 26 20:59:59 2021 GMT

       Subject: C=FI, ST=Finland, L=Espoo, O=CSC - Tieteellinen laskenta Oy, CN

virtu-sign.csc.fi

    Subject Public Key Info:

        Public Key Algorithm: rsaEncryption

            Public-Key: (2048 bit)


The issuer root certificate needs to be updated.

The trusted source is https://vrk.fi/ca-varmenteet

The root certificate in PEM format is VRK CA for Service Providers - G3

http://vrk.fineid.fi/certs/vrksp3.crt

Open the file in Windows Certificate viewer, export the certificate as a PEM, remove the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, and paste the PEM into the file metadata-trust.xml .


The SSL certificate is the same for https://virtu-ds.csc.fi/fed/virtu/virtu-metadata-v4.xml

and

https://virtu-ds.csc.fi/fed/virtu/virtu-metadata-v5.xml, so ssl-trust.xml needs no changes. Both expire on Wednesday, October 23, 2019. Issued by TERENA.