Skip to main content
NICE CXone Expert
Expert Success Center

Generate a SAML SSO Service Provider Key and Certificate

Applies to:
All MindTouch Versions
Role required:
Admin
Generate a service provider (SP) private key and x.509 public certificate for SAML Single Sign-On (SSO) authentication.

Why Generate a Private Key and Public Certificate?

You need to generate a private key and x.509 public certificate if you want your service provider (SP) to send SAML requests signed and/or encrypted to your identity provider (IdP).

Prerequisites

  • Your IdP supports CA-signed and/or encrypted requests
  • Administrative access to your UNIX-like system and OpenSSL
  • Administrative access to Expert

How to Generate an SP Private Key and X.509 Certificate

  1. Generate your private key.
    • In a UNIX environment, open a command window.
    • Issue the following command and record the generated key:
      openssl genrsa -out rootCA.key 2048
      
  2. Generate your x.509 certificate.
    • In a UNIX environment, open a command window.
    • Issue the following command (using the previously generated key) and record the certificate:
      openssl req -x509 -new -nodes -key rootCA.key -days 365 -out rootCA.crt
      
  3. Provide the key and certificate to Expert.
  • Was this article helpful?