How to create a self-signed x509 certificate with both private and public keys?

I am creating an SSO "proof of concept" using SAML2 and ADFS2 (IdP). Log In is working fine, however ADFS2 is requiring that my Logout request be signed (with a private key) and then I would imagine that I would then add that very same certificate (.cer file) under the Signature tab within my Relying Party Trusts in ADFS2. The only problem is that I don't have a certificate for my app (service provider). I understand that I can create a self-signed cert for this purpose but I can't seem to figure out how to create one with everything I need.

Brian David Berman asked Jan 22 '13 17:01


2 Answers

In order to generate a self-signed cert you need the openssl library, so:

Debian: apt-get install openssl

Centos/RedHat: yum install openssl

Then follow these 3 steps:

  • Generate private key:

    openssl genrsa -out server.pem 2048

  • Generate CSR: (In the "Common Name" set the domain of your service provider app)

    openssl req -new -key server.pem -out server.csr

  • Generate Self Signed Cert

    openssl x509 -req -days 365 -in server.csr -signkey server.pem -out server.crt

At the end of the process you will get server.csr (certificate signing request), server.pem (private key) and server.crt (self-signed cert).

In Windows you can use makecert.exe.

smartin answered Nov 02 '22 05:11
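The three steps from this answer as one non-interactive POSIX sh script (an added example, not the answer's own commands): it also writes the public-only DER .cer you would attach under the Signature tab and a .pfx for a Windows certificate store, and checks that the certificate and private key actually belong together. It assumes the openssl CLI is installed; the output directory, CN and password are placeholders.

```shell
#!/bin/sh
# Added example, not the answer's own commands: the same three openssl steps run
# non-interactively, plus the DER .cer for the ADFS Signature tab, a .pfx for a
# Windows certificate store, and a check that the cert really belongs to the key.
# Assumes the openssl CLI is on PATH; directory, CN and password are placeholders.
set -eu

# make_sp_cert OUTDIR CN PFX_PASSWORD
# Writes server.pem (private key), server.csr, server.crt (PEM), server.cer (DER), server.pfx
make_sp_cert() {
    outdir="$1"; cn="$2"; pfxpass="$3"
    mkdir -p "$outdir"
    # 1. Private key: 2048-bit RSA, readable only by its owner
    openssl genrsa -out "$outdir/server.pem" 2048 2>/dev/null
    chmod 600 "$outdir/server.pem"
    # 2. CSR: -subj replaces the interactive prompts; CN is the service provider's host name
    openssl req -new -key "$outdir/server.pem" -subj "/CN=$cn" -out "$outdir/server.csr"
    # 3. Self-signed certificate valid for one year
    openssl x509 -req -days 365 -in "$outdir/server.csr" \
        -signkey "$outdir/server.pem" -out "$outdir/server.crt" 2>/dev/null
    # Public certificate only (no private key) in DER form, the usual .cer for ADFS
    openssl x509 -in "$outdir/server.crt" -outform DER -out "$outdir/server.cer"
    # Key + certificate bundle for importing into a Windows certificate store
    openssl pkcs12 -export -inkey "$outdir/server.pem" -in "$outdir/server.crt" \
        -out "$outdir/server.pfx" -passout "pass:$pfxpass"
}

# cert_matches_key CERT KEY: succeeds only if the RSA modulus is the same in both
cert_matches_key() {
    c=$(openssl x509 -noout -modulus -in "$1")
    k=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# cert_cn CERT: prints the subject CN (handles both "CN = x" and "/CN=x" output styles)
cert_cn() {
    openssl x509 -noout -subject -in "$1" | sed -n 's/.*CN *= *\([^,/]*\).*/\1/p'
}

# Usage: make_sp_cert ./sp-cert sp.example.com changeit
```

Run `cert_matches_key` against any key/cert pair before uploading the .cer to ADFS; a mismatch is the usual reason a signed LogoutRequest is rejected even though the certificate looks right.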


I used the SelfSSL tool for Windows when putting together an ADFS proof of concept. Specifically, this guy has an enhanced version for IIS7.

A sample command:

selfssl7.exe /N cn=www.example.com /K 2048 /V 3652 /X /F C:\example.pfx /W foo

Generates "example.pfx" file with a 2048-bit key, valid for ~10 years, with password "foo" protecting the private key, with common name "www.example.com". You can import this to your local machine's certificate store and then export it as a .cer file with or without the private key info as desired.

Sean Hanley answered Nov 02 '22 04:11