MindTouch Success Center

SAML SSO - Generate a service provider key and certificate

Applies to: All MindTouch Versions
Role required: Admin
Generate a service provider (SP) private key and x.509 public certificate for SAML single sign-on (SSO) authentication.

Why generate a private key and public certificate?

Generate a private key and x.509 public certificate if you want your service provider (SP) to send signed and/or encrypted SAML requests to your identity provider (IdP).

Prerequisites

  • Your IdP supports CA-signed and/or encrypted requests
  • Administrative access to your UNIX-like system and OpenSSL
  • Administrative access to MindTouch

How to generate an SP private key and x.509 certificate

  1. Generate your private key.
    • In a UNIX environment, open a command window.
    • Issue the following command and record the generated key:
      openssl genrsa -out rootCA.key 2048
      
  2. Generate your x.509 certificate.
    • In a UNIX environment, open a command window.
    • Issue the following command (using the previously generated key) and record the certificate:
      openssl req -x509 -new -nodes -key rootCA.key -days 365 -out rootCA.crt
      
  3. Provide the key and certificate to MindTouch.
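
Before uploading, it is worth confirming that the certificate actually belongs to the key and knowing when it expires, since a mismatched or expired certificate will cause the IdP to reject signed requests. The script below is an added example, not part of the original article or MindTouch's tooling: it runs the two commands from steps 1 and 2 in a temporary directory and then checks the result. The -subj value (sp.example.com) and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not MindTouch's code. File names come from the article;
# the -subj value is a constructed placeholder so req runs without prompts.

# Run the article's two commands in directory $1.
# genrsa writes the key unencrypted, so umask 077 keeps it owner-only.
generate_sp_pair() {
    ( umask 077; openssl genrsa -out "$1/rootCA.key" 2048 ) 2>/dev/null || return 1
    openssl req -x509 -new -nodes -key "$1/rootCA.key" -days 365 \
        -subj "/CN=sp.example.com" -out "$1/rootCA.crt" 2>/dev/null
}

# Succeed only if certificate $2 carries the public key of private key $1.
# Both commands emit the same SubjectPublicKeyInfo PEM for a matching pair.
pair_matches() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeed only if certificate $1 is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

work=$(mktemp -d)
if generate_sp_pair "$work" &&
   pair_matches "$work/rootCA.key" "$work/rootCA.crt" &&
   cert_valid_for_days "$work/rootCA.crt" 30; then
    echo "OK: pair matches, valid for 30+ days: $work"
    openssl x509 -in "$work/rootCA.crt" -noout -enddate -fingerprint -sha256
else
    echo "check failed" >&2
fi
```

The printed SHA-256 fingerprint can be compared with what the IdP shows after the certificate is registered there, and cert_valid_for_days can be rerun on a schedule to catch the 365-day expiry before it breaks sign-on.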