From 6cdbc28fa84a51c6fb332d481f9cd0900d144344 Mon Sep 17 00:00:00 2001 From: jbranchaud Date: Thu, 18 Feb 2021 10:18:16 -0600 Subject: [PATCH] Add Generate A SAML Key And Certificate Pair as a unix til --- README.md | 3 ++- ...enerate-a-saml-key-and-certificate-pair.md | 27 +++++++++++++++++++ 2 files changed, 29 insertions(+), 1 deletion(-) create mode 100644 unix/generate-a-saml-key-and-certificate-pair.md diff --git a/README.md b/README.md index 26caaf2..ad90ad8 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ pairing with smart people at Hashrocket. For a steady stream of TILs, [sign up for my newsletter](https://tinyletter.com/jbranchaud). -_1052 TILs and counting..._ +_1053 TILs and counting..._ --- @@ -990,6 +990,7 @@ _1052 TILs and counting..._ - [Find Newer Files](unix/find-newer-files.md) - [Fix Unlinked Node Binaries With asdf](unix/fix-unlinked-node-binaries-with-asdf.md) - [Forward Multiple Ports Over SSH](unix/forward-multiple-ports-over-ssh.md) +- [Generate A SAML Key And Certificate Pair](unix/generate-a-saml-key-and-certificate-pair.md) - [Get Matching Filenames As Output From Grep](unix/get-matching-filenames-as-output-from-grep.md) - [Get The Unix Timestamp](unix/get-the-unix-timestamp.md) - [Global Substitution On The Previous Command](unix/global-substitution-on-the-previous-command.md) diff --git a/unix/generate-a-saml-key-and-certificate-pair.md b/unix/generate-a-saml-key-and-certificate-pair.md new file mode 100644 index 0000000..ce3dc16 --- /dev/null +++ b/unix/generate-a-saml-key-and-certificate-pair.md 
@@ -0,0 +1,27 @@ +# Generate A SAML Key And Certificate Pair + +The `openssl` utility can be used to generate a SAML (Security Assertion Markup +Language) key pair which consists of a public certificate and a private key. + +```bash +openssl req -new -x509 -days 365 -nodes -sha256 \ + -out saml.crt \ + -keyout saml.key +``` + +> The req command primarily creates and processes certificate requests in +> PKCS#10 format. It can additionally create self-signed certificates, for use +> as root CAs, for example. + +The flags to `req` are as follows: +- `-new` for a new certificate (cert) request +- `-x509` to output a self-signed cert instead of a cert request +- `-days 365` for a year-long cert +- `-nodes` to not encrypt the private key +- `-sha256` is the digest algorithm for signing the cert +- `-out saml.crt` specifies the certificate output file +- `-keyout saml.key` specifies the private key output file + +See `man openssl` and search for `openssl req` for more details. + +[source](https://www.lightsaml.com/LightSAML-Core/Cookbook/How-to-generate-key-pair/)
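Review bot: In the flag list of unix/generate-a-saml-key-and-certificate-pair.md, `-nodes` is described only as "to not encrypt the private key", so `saml.key` is written to disk in plaintext and the TIL says nothing about protecting it. Add a sentence telling the reader to restrict the file (for example `chmod 600 saml.key`) and to keep it out of version control. The command also carries no `-newkey` option, so the key type and size come from OpenSSL's defaults rather than being stated in the TIL; consider making them explicit with `-newkey rsa:2048` and adding that flag to the list. With `-days 365` the certificate expires after a year, which deserves one line noting that the certificate shared with the other SAML party has to be replaced before then.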