Generate A SAML Key And Certificate Pair

The openssl utility can be used to generate a SAML (Security Assertion Markup Language) key pair which consists of a public certificate and a private key.

openssl req -new -x509 -days 365 -nodes -sha256 \
  -out saml.crt \
  -keyout saml.key

The req command primarily creates and processes certificate requests in PKCS#10 format. It can additionally create self-signed certificates, for use as root CAs, for example.

The flags to req are as follows:

  • -new for a new certificate (cert) request

  • -x509 to output a self-signed cert instead of a cert request

  • -days 365 for a year-long cert

  • -nodes to not encrypt the private key

  • -sha256 is the digest algorithm for signing the cert

  • -out saml.crt specifies the certificate output file

  • -keyout saml.key specifies the private key output file

See man openssl and search for openssl req for more details.

source

Last updated