OpenSSL - Generate the Certificate and the Key
This step isn't strictly required at this point, but it's simple, so I think it's nice to get it out of the way now. You can do it later on; just make sure it's done before you configure the first SP.
Remember that the Certificate and the Key will be used by AD FS and simpleSAMLphp to talk to and trust each other.
I'm using the Windows-based OpenSSL installation, but if you're doing this on a Unix box, you can run the exact same command.
- Navigate to the OpenSSL bin folder (c:\Program Files\OpenSSL-Win64\bin)
- Customize the following command, then run it:
openssl.exe req -x509 -nodes -sha256 -days 365 -newkey rsa:2048 -keyout C:\temp\simpleSAMLphp.key -out C:\temp\simpleSAMLphp.pem
- There are mainly three things you want to change:
  - -days 365 >> This is the number of days for which the certificate is valid.
  - -out and -keyout >> These are the locations and file names of the Certificate and the Key you want to use.
- Fill in all of the details, such as Country Name, State, Locality, Org Name, Org Unit, Common Name and email address.
  - For example: US, California, San Diego, ITDroplets, IT, myserver.itdroplets.com, email@example.com.
- Copy both the Certificate and the Key to C:\inetpub\wwwroot\simpleSAMLphp\cert.
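One way to check the result after the copy, as an added example that is not part of the original post: it confirms the key matches the certificate, reports the expiry and signature algorithm, and flags broad groups with access to the key file. `Test-SamlKeyPair` is a hypothetical helper name, and the file names assume you kept the ones from the command above.

```powershell
# Added example: checks on the files produced by the "openssl req" command above.
# Test-SamlKeyPair is a hypothetical helper; default paths are the ones used on this page.
function Test-SamlKeyPair {
    param(
        [string]$CertPath = 'C:\inetpub\wwwroot\simpleSAMLphp\cert\simpleSAMLphp.pem',
        [string]$KeyPath  = 'C:\inetpub\wwwroot\simpleSAMLphp\cert\simpleSAMLphp.key',
        [string]$OpenSsl  = 'C:\Program Files\OpenSSL-Win64\bin\openssl.exe'
    )

    # Derive the public key from each file; identical output means the pair matches.
    $pubFromCert = (& $OpenSsl x509 -in $CertPath -noout -pubkey) -join "`n"
    $pubFromKey  = (& $OpenSsl pkey -in $KeyPath -pubout) -join "`n"

    # Read subject, expiry and signature algorithm straight from the certificate.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertPath

    # -nodes wrote the private key without a passphrase, so file permissions are
    # its only protection. Collect broad groups that have an Allow entry on it
    # (English group names assumed).
    $broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
    $looseAcl = (Get-Acl -Path $KeyPath).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and $broad -contains $_.IdentityReference.Value
    }

    [pscustomobject]@{
        Subject            = $cert.Subject
        NotAfter           = $cert.NotAfter
        DaysLeft           = [math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
        SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
        KeyMatchesCert     = ($pubFromCert.Length -gt 0) -and ($pubFromCert -eq $pubFromKey)
        KeyIsUnencrypted   = -not (Select-String -Path $KeyPath -Pattern 'ENCRYPTED' -Quiet)
        BroadGroupAccess   = @($looseAcl | ForEach-Object { $_.IdentityReference.Value })
    }
}

Test-SamlKeyPair | Format-List
```

`KeyMatchesCert` should be `True`, and `BroadGroupAccess` should be empty; if it is not, tighten the ACL on the key file so only the account that runs simpleSAMLphp can read it.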
- 1. Intro
- 2. Requirements
- 3. IIS Configuration for simpleSAMLphp
- 4. OpenSSL - Generate the Certificate and the Key
- 5. simpleSAMLphp - Basic Configuration
- 6. Configure simpleSAMLphp to use AD FS as an IdP
- 7. Creating the Service Provider that we will use with our web app (which we haven't created yet)
- 8. Configuring the Relying Party Trust in AD FS
- 9. Test the SP, before creating the web application
- 10. Create a new web application that will require AD FS Authentication