Important information about your OpenAthens LA implementation
24 October 2012
We have been informed by the UK Access Management Federation for Education and Research that the certificate they issue to validate the federation metadata expires on Friday 16 November 2012 at 13:26:51 GMT. The certificate is configured with your copy of OpenAthens LA; each time OpenAthens LA retrieves a copy of the federation metadata (usually once every 24 hours), the UK Access Management Federation’s certificate is used to verify that the metadata is valid and genuine, so it is essential that it is updated before then.
What will the impact be?
If your copy of the certificate is allowed to expire, OpenAthens LA will cease to trust Service Providers registered with the UK Access Management Federation, and these products and services will not be available for your users. Users accessing products and services via Athens will not be affected.
How do I fix this?
OpenAthens LA 2.1 and above
Please see our wiki article for detailed instructions.
OpenAthens LA pre 2.1
1. Logon to your OpenAthens LA Runtime server and navigate to the ‘trust’ directory for OpenAthens LA using the following command: cd /usr/local/atacama-platform/trust
2. Download the new certificate from http://metadata.ukfederation.org.uk/ukfederation-2012.pem and verify according to the UK Federation Technical Recommendations for Participants, section 4.3. The file can be downloaded using the following command on the command line: wget http://metadata.ukfederation.org.uk/ukfederation-2012.pem
The OpenAthens LA Runtime will automatically read the new certificate file the next time it refers to the UK Federation metadata.
How can I check that the new certificate is working?
The UK Federation will be informing their registered technical contacts directly on when they will be embedding the new certificate in the metadata; the next automatic refresh of the metadata will invoke the new certificate.
Where can I get further information about this?
If you have any questions about this issue, please contact the Eduserv OpenAthens Service Desk via one of the methods below, using ‘OpenAthens LA certificate update’ as a reference: