mirror of https://github.com/jbranchaud/til synced 2026-01-03 15:18:01 +00:00

Generate A SAML Key And Certificate Pair

The openssl utility can be used to generate a SAML (Security Assertion Markup Language) key pair, which consists of a public certificate and a private key.

openssl req -new -x509 -days 365 -nodes -sha256 \
  -out saml.crt \
  -keyout saml.key

The req command primarily creates and processes certificate requests in PKCS#10 format. It can additionally create self-signed certificates, for use as root CAs, for example.

The flags to req are as follows:

  • -new for a new certificate (cert) request
  • -x509 to output a self-signed cert instead of a cert request
  • -days 365 for a year-long cert
  • -nodes to leave the private key unencrypted (no passphrase), so saml.key is protected only by its file permissions
  • -sha256 to use SHA-256 as the digest algorithm for signing the cert
  • -out saml.crt specifies the certificate output file
  • -keyout saml.key specifies the private key output file

See man openssl and search for openssl req for more details.
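The same command run without prompts, followed by the checks worth doing before handing the certificate to an identity provider, as an added example that is not part of the original note. The subject CN, the explicit -newkey rsa:2048 and the function names are assumptions for illustration.

```shell
# Added example (not from the original TIL). The CN, the explicit
# -newkey rsa:2048 and the function names are assumptions.

# Generate saml.crt / saml.key in directory $1 without prompts.
gen_saml_pair() {
  (
    umask 077   # -nodes leaves saml.key unencrypted, so create it owner-only
    openssl req -new -x509 -days 365 -nodes -sha256 \
      -newkey rsa:2048 -subj "/CN=saml.example.test" \
      -out "$1/saml.crt" -keyout "$1/saml.key" 2>/dev/null
  )
}

# True only if the cert's public key is the one derived from the private key.
pair_matches() {
  cert_pub=$(openssl x509 -in "$1/saml.crt" -noout -pubkey | openssl sha256)
  key_pub=$(openssl pkey -in "$1/saml.key" -pubout 2>/dev/null | openssl sha256)
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Permission string of the private key, e.g. -rw-------
key_mode() { ls -l "$1/saml.key" | cut -c1-10; }

# Signature algorithm recorded in the certificate.
sig_alg() {
  openssl x509 -in "$1/saml.crt" -noout -text |
    awk '/Signature Algorithm/ { print $3; exit }'
}

# True if the cert is still valid $2 days from now.
valid_for_days() {
  openssl x509 -in "$1/saml.crt" -noout -checkend $(( $2 * 86400 )) >/dev/null
}
```

Call gen_saml_pair with a target directory, then run the other functions against the same directory; valid_for_days is also useful in a scheduled job to flag a SAML certificate approaching its 365-day expiry.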
