MindTouch Success Center

Generate a SAML service provider key and certificate

 

This article outlines the steps for generating a service provider (SP) private key and X.509 public certificate for SAML single sign-on (SSO) authentication.
 

Why do I need to generate a private key and public certificate?


You need to generate a private key and X.509 public certificate if you want your service provider (SP) to send signed and/or encrypted SAML requests to your identity provider (IdP).
 

Prerequisites


  • Your IdP supports CA-signed and/or encrypted requests
  • Administrative access to your UNIX-like system and OpenSSL
  • Administrative access to MindTouch
     

How to generate an SP private key and X.509 certificate


Follow the steps below to generate an SP X.509 public certificate with a private root CA (certificate authority) key:

Step 1: Generate your private key

  • In a UNIX environment, open a command window.
  • Issue the following command and record the generated key:
openssl genrsa -out rootCA.key 2048

Step 2: Generate your X.509 certificate

  • In a UNIX environment, open a command window.
  • Issue the following command (using the previously generated key) and record the certificate:
openssl req -x509 -new -nodes -key rootCA.key -days 365 -out rootCA.crt
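
Before handing the pair over in Step 3, it helps to confirm that the certificate was issued for the key from Step 1, that it is not close to its 365-day expiry, and that the key file (which `openssl genrsa` writes unencrypted) is not accessible to other users. The script below is an added example, not part of the original article or MindTouch tooling; the function names, the 30-day threshold, the `-subj` value and the temporary directory are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: pre-upload checks for the rootCA.key / rootCA.crt pair.

# SHA-256 of the public key derived from a private key file.
key_pub_hash() {
    openssl pkey -in "$1" -pubout -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the public key embedded in a certificate.
cert_pub_hash() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null |
        openssl pkey -pubin -pubout -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# check_sp_pair KEY CERT [MIN_SECONDS_LEFT]
# Returns 0 if usable, 1 bad key, 2 key/cert mismatch, 3 expiring, 4 loose perms.
check_sp_pair() {
    key=$1; cert=$2; min_left=${3:-2592000}   # default threshold: 30 days
    # The key must parse first, so a later hash mismatch cannot be masked.
    openssl pkey -in "$key" -noout 2>/dev/null ||
        { echo "FAIL: cannot parse private key"; return 1; }
    kh=$(key_pub_hash "$key"); ch=$(cert_pub_hash "$cert")
    [ "$kh" = "$ch" ] ||
        { echo "FAIL: certificate was not issued for this key"; return 2; }
    openssl x509 -in "$cert" -noout -checkend "$min_left" >/dev/null ||
        { echo "FAIL: certificate expires within $min_left seconds"; return 3; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -l "$key" | cut -c5-10)" = "------" ] ||
        { echo "FAIL: key is accessible to group or other"; return 4; }
    echo "OK"
}

# Demo on a constructed throwaway pair, generated as in Steps 1 and 2.
# -subj (placeholder CN) only avoids the interactive prompts of "openssl req".
demo_dir=$(mktemp -d)
( umask 077; openssl genrsa -out "$demo_dir/rootCA.key" 2048 2>/dev/null )
openssl req -x509 -new -nodes -key "$demo_dir/rootCA.key" -days 365 \
    -subj "/CN=sp.example.test" -out "$demo_dir/rootCA.crt" 2>/dev/null
check_sp_pair "$demo_dir/rootCA.key" "$demo_dir/rootCA.crt"
```

Only `rootCA.crt` is meant to be shared with the IdP; `rootCA.key` stays on the SP side.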

Step 3: Provide the key and certificate to MindTouch
