Generate a SAML SSO Service Provider Key and Certificate
- Applies to:
- All MindTouch Versions
- Role required:
- Admin
Generate a service provider (SP) private key and X.509 public certificate for SAML Single Sign-On (SSO) authentication.
Why Generate a Private Key and Public Certificate?
You need to generate a private key and X.509 public certificate if you want your service provider (SP) to send signed and/or encrypted SAML requests to your identity provider (IdP).
Prerequisites
- Your IdP supports CA-signed and/or encrypted requests
- Administrative access to your UNIX-like system and OpenSSL
- Administrative access to Expert
How to Generate an SP Private Key and X.509 Certificate
- Generate your private key.
  - In a UNIX environment, open a command window.
  - Issue the following command and record the generated key:

        openssl genrsa -out rootCA.key 2048

- Generate your X.509 certificate.
  - In a UNIX environment, open a command window.
  - Issue the following command (using the previously generated key) and record the certificate:

        openssl req -x509 -new -nodes -key rootCA.key -days 365 -out rootCA.crt

- Provide the key and certificate to Expert.
  - Contact the Expert Support Team.
  - Enter the key and certificate in the appropriate fields.
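
The procedure above run non-interactively, followed by checks worth making before the files are handed over: the certificate matches the key, it is not about to expire, and the key file is not readable by other users. This is an added example, not MindTouch's own tooling; the function names, the subject `/CN=sp.example.com` and the 30-day window are assumptions.

```sh
#!/bin/sh
# Added example: pre-upload checks for the SP key and certificate.
# The subject "/CN=sp.example.com" and the 30-day window are constructed placeholders.

# Generate rootCA.key and rootCA.crt in directory $1 without interactive prompts.
generate_sp_pair() {
    (
        umask 077    # key file is created with owner-only permissions
        openssl genrsa -out "$1/rootCA.key" 2048 2>/dev/null &&
        openssl req -x509 -new -nodes -key "$1/rootCA.key" -days 365 \
            -subj "/CN=sp.example.com" -out "$1/rootCA.crt"
    )
}

# Succeed only if the certificate ($2) carries the public half of the key ($1).
pubkey_match() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Succeed only if the certificate ($1) is still valid $2 days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeed only if the key file ($1) is not readable by group or others.
key_is_private() {
    [ -z "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print)" ]
}

# Run all three checks and report each failure.
check_sp_pair() {
    rc=0
    pubkey_match "$1" "$2"  || { echo "FAIL: certificate does not match key" >&2; rc=1; }
    cert_valid_for "$2" 30  || { echo "FAIL: certificate expires within 30 days" >&2; rc=1; }
    key_is_private "$1"     || { echo "FAIL: key readable by group/others" >&2; rc=1; }
    return "$rc"
}

# Usage: sh check_sp.sh rootCA.key rootCA.crt
if [ $# -eq 2 ]; then
    check_sp_pair "$1" "$2"
fi
```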