simpleSAMLphp on IIS from scratch (with AD FS)

OpenSSL - Generate the Certificate and the Key

This is not required at exactly this point, but it is a quick step worth getting out of the way now. You can do it later if you prefer; just make sure it is done before you configure the first SP.

Remember that this key pair is what lets AD FS and simpleSAMLphp talk to and trust each other: simpleSAMLphp keeps the private key and uses it to sign the messages it sends (and to decrypt assertions, if you configure AD FS to encrypt them), while AD FS only ever receives the certificate, i.e. the public half, and uses it to verify the SP. The private key should never be copied to the AD FS server.

I’m using the Windows based OpenSSL installation, but if you’re doing this on a Unix box, you can run the exact same command.

  1. Navigate to the OpenSSL bin folder (C:\Program Files\OpenSSL-Win64\bin).
  2. Customize the following command, then run it:
    • openssl.exe req -x509 -nodes -sha256 -days 365 -newkey rsa:2048 -keyout C:\temp\simpleSAMLphp.key -out C:\temp\simpleSAMLphp.pem
    • There are mainly three values you want to change:
      • -days 365 >> The number of days the certificate is valid for. Pick this deliberately: when it expires you will have to generate a new one and update the relying party trust in AD FS with it.
      • -out and -keyout >> The locations and file names of the Certificate and the Key you want to use.
    • Note that -nodes writes the private key to disk without a passphrase, so file permissions are the only thing protecting it: restrict the .key file to the account that runs simpleSAMLphp and never copy it to the AD FS server.
    • Fill in all of the details, such as Country Name, State, Locality, Org Name, Org Unit, Common Name and email address. Use the host name of the simpleSAMLphp server as the Common Name.
      • For example: US, California, San Diego, ITDroplets, IT, myserver.itdroplets.com, myemail@itdroplets.com.
  3. Copy both the Certificate and the Key to C:\inetpub\wwwroot\simpleSAMLphp\cert. This folder sits next to the simpleSAMLphp www folder; make sure the IIS site points at www only, so that the cert folder (and the private key in it) is never served over HTTP.
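
The following PowerShell script is an added example and is not part of the original post: it performs steps 2 and 3 above non-interactively and goes slightly beyond them by adding a subjectAltName, checking that the key and certificate belong together, locking down the private key with icacls and printing the thumbprint you will later match on the AD FS relying party trust. The OpenSSL path, cert folder, host name, subject values and application pool name are assumptions; change them to fit your environment. The -addext option needs OpenSSL 1.1.1 or newer.

```powershell
# Added example, not from the original post. Generates the simpleSAMLphp key
# and certificate, verifies they match, restricts the key's ACL and prints
# the certificate thumbprint. All values below are assumptions to adjust.

$OpenSsl  = 'C:\Program Files\OpenSSL-Win64\bin\openssl.exe'   # assumed install path
$CertDir  = 'C:\inetpub\wwwroot\simpleSAMLphp\cert'           # folder used on the page
$KeyFile  = Join-Path $CertDir 'simpleSAMLphp.key'
$CertFile = Join-Path $CertDir 'simpleSAMLphp.pem'
$Fqdn     = 'myserver.itdroplets.com'                          # host name of the SP (example value)
$AppPool  = 'IIS AppPool\DefaultAppPool'                       # assumed identity that runs simpleSAMLphp
$Days     = 365

New-Item -ItemType Directory -Force -Path $CertDir | Out-Null

# -subj answers the interactive prompts; the CN is the SP host name and the
# same name goes into a subjectAltName, which modern validators require.
# -nodes leaves the key unencrypted, so the ACL set below is its only protection.
& $OpenSsl req -x509 -nodes -sha256 -days $Days -newkey rsa:2048 `
    -subj "/C=US/ST=California/L=San Diego/O=ITDroplets/OU=IT/CN=$Fqdn" `
    -addext "subjectAltName=DNS:$Fqdn" `
    -keyout $KeyFile -out $CertFile
if ($LASTEXITCODE -ne 0) { throw 'openssl req failed' }

# Sanity check: the public key inside the certificate must equal the public
# half of the private key, otherwise AD FS will reject everything the SP signs.
$certPub = (& $OpenSsl x509 -in $CertFile -noout -pubkey) -join "`n"
$keyPub  = (& $OpenSsl pkey -in $KeyFile -pubout) -join "`n"
if ($certPub -ne $keyPub) { throw 'certificate and private key do not match' }

# Private key ACL: drop inherited entries (which would otherwise let members of
# Users read the file), then allow only SYSTEM, Administrators and the
# application pool identity.
& icacls $KeyFile /inheritance:r /grant:r 'SYSTEM:(F)' 'BUILTIN\Administrators:(F)' "${AppPool}:(R)" | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'icacls failed' }

# The certificate is public: AD FS gets it through the SP metadata, and this
# SHA-1 thumbprint (the format Windows displays) is what you compare against
# the Signature and Encryption tabs of the relying party trust.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertFile
"Subject:    $($cert.Subject)"
"Valid to:   $($cert.NotAfter)"
"Thumbprint: $($cert.Thumbprint)"
```

Run it from an elevated PowerShell prompt, since the cert folder lives under C:\inetpub and icacls needs to rewrite the key's ACL. If you would rather keep the interactive prompts from step 2, drop the -subj and -addext lines; the match check, the ACL and the thumbprint step still apply unchanged.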

IT Droplets