simpleSAMLphp on IIS from scratch (with AD FS)

OpenSSL - Generate the Certificate and the Key

This is not required at exactly this step, but I think it’s nice to get rid of this simple step right away. You can do this later on, just make sure you do it before configuring the first SP.

Remember that the certificate and the key will be used by AD FS and simpleSAMLphp to talk to and trust each other.

I’m using the Windows-based OpenSSL installation, but if you’re doing this on a Unix box, you can run the exact same command.

  1. Navigate to the OpenSSL bin folder (c:\Program Files\OpenSSL-Win64\bin)
  2. Customize it, then run the following:
    • So there are mainly three things you want to change:
      • -days 365 >> This is the number of days for which the certificate is valid.
      • -out and -keyout >> These are the locations and file names of the Certificate and the Key you want to use.
    • Fill in all of the details, such as Country Name, State, Locality, Org Name, Org Unit, common name and email address.
      • For example: US, California, San Diego, ITDroplets, IT,,
  3. Copy both the Certificate and the Key to C:\inetpub\wwwroot\simpleSAMLphp\cert.
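
As an added example (not the author's original command): one way to generate the self-signed certificate and key with the options described above, then confirm the pair matches and check its remaining validity before copying it into the cert folder. The file names saml.crt and saml.pem, the function names, the key size and the CN value are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# gen_saml_cert DAYS CERT_OUT KEY_OUT SUBJECT
# -subj answers the Country/State/Locality/Org/OU/CN prompts non-interactively.
# -nodes leaves the key unencrypted so the web server process can read it,
# which is why the file permissions (or the NTFS ACL on Windows) matter.
gen_saml_cert() {
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes \
        -days "$1" -out "$2" -keyout "$3" -subj "$4" 2>/dev/null
    chmod 600 "$3"
}

# cert_matches_key CERT KEY
# Succeeds only if the public key inside the certificate is the one derived
# from the private key. Catches mixed-up files before they reach the SP.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# cert_valid_for CERT DAYS
# Succeeds if the certificate will still be valid DAYS from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Demo in a scratch directory (constructed subject; the CN is a placeholder).
work=$(mktemp -d)
gen_saml_cert 365 "$work/saml.crt" "$work/saml.pem" \
    "/C=US/ST=California/L=San Diego/O=ITDroplets/OU=IT/CN=sp.example.test"
cert_matches_key "$work/saml.crt" "$work/saml.pem" && echo "certificate and key match"
cert_valid_for "$work/saml.crt" 30 && echo "valid for at least 30 more days"
openssl x509 -in "$work/saml.crt" -noout -subject -enddate
rm -rf "$work"
```

Running cert_valid_for on a schedule gives early warning before the certificate expires and the trust between AD FS and simpleSAMLphp breaks.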

4 thoughts on “simpleSAMLphp on IIS from scratch (with AD FS)”

  1. Great.
    Question: you have the simplesaml install going to an application folder. I thought a virtual directory under IIS was the preferred

    1. Thanks Dan! That’s why I wrote about it. It took me a while to get all of the pieces together and working out what config worked best.
