<!-- enter new certificate here-->
<CredentialResolver type="File"key="sp_new.key" certificate="sp_new.crt"/>
- Check whether the service continues to function with this configuration:
- RHEL based systems (centOS, Rocky Linux etc.) require the LD_LIBRARY_PATH to be expanded:
- Then restart the Shibboleth service:
- Now contact the IT-ServiceDesk by email to firstname.lastname@example.org and inform the IT Center about the pending change of certificates.
- After 2-3 days, you can change the order in the /etc/shibboleth/shibboleth2.xml file. Restart the Shibboleth service:
- After a further 2-3 days, you can completely remove the old certificate. After doing this, you will need to restart Shibboleth again. Optionally, you can now send an additional email to email@example.com to inform the IT Center that the change of certificates has been completed.