mirror of
https://github.com/jbranchaud/til
synced 2026-01-03 15:18:01 +00:00
28 lines
1.0 KiB
Markdown
28 lines
1.0 KiB
Markdown
# Generate A SAML Key And Certificate Pair
|
|
|
|
The `openssl` utility can be used to generate a SAML (Security Assertion Markup
|
|
Language) key pair which consists of a public certificate and a private key.
|
|
|
|
```bash
|
|
openssl req -new -x509 -days 365 -nodes -sha256 \
|
|
-out saml.crt \
|
|
-keyout saml.key
|
|
```
|
|
|
|
> The req command primarily creates and processes certificate requests in
|
|
> PKCS#10 format. It can additionally create self-signed certificates, for use
|
|
> as root CAs, for example.
|
|
|
|
The flags to `req` are as follows:
|
|
- `-new` for a new certificate (cert) request
|
|
- `-x509` to output a self-signed cert instead of a cert request
|
|
- `-days 365` for a year-long cert
|
|
- `-nodes` to not encrypt the private key
|
|
- `-sha256` is the digest algorithm for signing the cert
|
|
- `-out saml.crt` specifies the certificate output file
|
|
- `-keyout saml.key` specifies the private key output file
|
|
|
|
See `man openssl` and search for `openssl req` for more details.
|
|
|
|
[source](https://www.lightsaml.com/LightSAML-Core/Cookbook/How-to-generate-key-pair/)
|