Document that certFingerprint now accepts an array.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@690 44740490-163a-0410-bde0-09ae8108e29a

Document that certFingerprint now accepts an array.
5a58beb6 · Olav Morken · 70f19a3b · 5a58beb6
Commit 5a58beb6 authored 16 years ago by Olav Morken
--- a/docs/source/simplesamlphp-sp.xml
+++ b/docs/source/simplesamlphp-sp.xml
@@ -436,13 +436,20 @@
            <glossterm>certFingerprint</glossterm>

            <glossdef>
-              <para>The <literal>md5</literal> checksum of the certificate
+              <para>The <literal>sha1</literal> checksum of the certificate
              used by the IdP. If you don't know how to compute this, you can
              leave it as it is, and then you'll get an error message the
              first time you try to login. In this error message you are told
              what is the fingerprint of the IdP certificiate, which you may
              copy to this metadata parameter.</para>

+              <para>It is also possible to add an array of valid fingerprints,
+              where any fingerprints in that array is accepted as valid. This
+              can be used to update the certificate of the IdP without having
+              to update every SP at that exact time. Instead, one can update
+              the SPs with the new fingerprint, and only update the certificate
+              after every SP is updated.</para>
+
              <para>See <xref linkend="a.fingerprint" /> for an example of how
              to calculate the fingerprint with the <literal>openssl</literal>
              tool.</para>
@@ -783,13 +790,20 @@
          <glossterm>certFingerprint</glossterm>

          <glossdef>
-            <para>The <literal>md5</literal> checksum of the certificate used
+            <para>The <literal>sha</literal> checksum of the certificate used
            by the IdP. If you don't know how to compute this, you can leave
            it as it is, and then you'll get an error message the first time
            you try to login. In this error message you are told what is the
            fingerprint of the IdP certificiate, which you may copy to this
            metadata parameter.</para>

+            <para>It is also possible to add an array of valid fingerprints,
+            where any fingerprints in that array is accepted as valid. This
+            can be used to update the certificate of the IdP without having to
+            update every SP at that exact time. Instead, one can update the
+            SPs with the new fingerprint, and only update the certificate
+            after every SP is updated.</para>
+
            <para>See <xref linkend="a.fingerprint" /> for an example of how
            to calculate the fingerprint with the openssl tool.</para>
          </glossdef>