Generate A SAML Key And Certificate Pair

The openssl utility can be used to generate a SAML (Security Assertion Markup Language) key pair which consists of a public certificate and a private key.

openssl req -new -x509 -days 365 -nodes -sha256 \
  -out saml.crt \
  -keyout saml.key

The req command primarily creates and processes certificate requests in PKCS#10 format. It can additionally create self-signed certificates, for use as root CAs, for example.

The flags to req are as follows:

-new for a new certificate (cert) request
-x509 to output a self-signed cert instead of a cert request
-days 365 for a year-long cert
-nodes to not encrypt the private key
-sha256 is the digest algorithm for signing the cert
-out saml.crt specifies the certificate output file
-keyout saml.key specifies the private key output file

See man openssl and search for openssl req for more details.

source

Previouscrypto Nextdatetime

Last updated 3 years ago

Was this helpful?