We have been informed by the UK Access Management Federation for Education and Research that the certificate they issue to validate the federation metadata expires on Sunday 16 November 2010 at 17:35:26 GMT. The certificate is configured with your copy of OpenAthens LA; each time OpenAthens LA retrieves a copy of the federation metadata (usually once every 24 hours), the UK Access Management Federation’s certificate is used to verify that the metadata is valid and genuine, so it is essential that as a matter of urgency it is updated before then.

What will the impact be?

If your copy of the certificate is allowed to expire, OpenAthens LA will cease to trust Service Providers registered with the UK Access Management Federation, and these products and services will not be available for your users. Users accessing products and services via Athens will not be affected.

How do I fix this?

Logon to you OpenAthens LA Runtime server and navigate to the ‘trust’ directory for OpenAthens LA using the following command:
cd /usr/local/atacama-platform/trust
Download the new certificate from http://metadata.ukfederation.org.uk/ukfederation-2010.pem and verify according to the UK Federation Technical Recommendations for Participants, section 4.4. The file can be downloaded using the following command on the command line:

wget http://metadata.ukfederation.org.uk/ukfederation-2010.pem

The OpenAthens LA Runtime will automatically read the new certificate file the next time it refers to the UK Federation metadata.

How can I check that the new certificate is working?

The UK Federation will be informing their registered technical contacts directly on when they will be embedding the new certificate in the metadata; the next automatic refresh of the metadata will use the new certificate.

Where can I get further information about this?

If you have any questions about this issue, please contact the Eduserv Athens Service Desk via one of the methods below, using 'OpenAthens SP certificate update' as a reference:

· Support web interface (login with your Athens administrator account)

· E-mail: athenshelp@eduserv.org.uk

· Telephone: +44 (0)1225 474333