
Generate Public and Private Keys

You must generate a key pair to use SAML security features. A key pair consists of a public part (the certificate) and a private part (the key). You should publish your certificate with your SAML metadata but keep your private key private.

The private key signs your SAML messages; the public certificate lets the other party verify those signatures and encrypt messages to you so that only you can decrypt them.

For security reasons, certificates expire after some time. You must renew them to keep your SAML authentication working.

Use OpenSSL to generate a key pair

  1. Make sure OpenSSL is installed on your system.

  2. Type the following command line:

    $ openssl req -new -x509 -days 365 -nodes -sha256 -out saml.crt -keyout saml.pem

    This will generate two files, saml.crt (the certificate with the public key) and saml.pem (the private key).

Use Windows Subsystem for Linux (WSL) to generate a key pair

  1. Select the Windows Start button and type "command." The Command Prompt application will appear.

  2. Right-click on the Command Prompt application and choose Run as Administrator.

  3. Type the command line:

    wsl --install

    This will install the Ubuntu distro.

    For more detail, or for instructions on installing a different distro, visit how to install Linux on Windows with WSL.

  4. Select Start and search for Ubuntu, or your selected distro, if WSL does not launch automatically. Select the application to open it.

  5. Create a username and password that will be tied to your Linux environment and is separate from your Windows username. Note that you will not see the password characters as you type them into the prompt.

  6. Type the command pwd. The response should look like /home/<username>, where <username> is the username you created in the previous step. If it does not, type cd /home/<username>.

  7. Type the following command into the terminal of your Linux environment:

    $ openssl req -new -x509 -days 365 -nodes -sha256 -out saml.crt -keyout saml.pem

    This will generate two files, saml.crt (the certificate with the public key) and saml.pem (the private key).

  8. Type the following command to access the files from your Windows environment:

    explorer.exe .

    The trailing dot opens File Explorer in the current directory, where saml.crt and saml.pem were written.

Add public and private keys to the UAS settings

The public and private keys must be added to the UAS settings once they have been generated.

  1. Open each file in a text editor.

  2. Copy the text between the BEGIN and END lines (omit the first and last lines, which contain the repeated "-----" characters).

  3. Paste the text into the appropriate field in the UAS settings (the public key for the .crt file and the private key for the .pem file).
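The whole procedure, from generating the key pair to preparing the text for the UAS fields, as an added POSIX shell example (not part of the original page or the UAS product). It runs the openssl command from the steps above non-interactively, then adds two checks a practitioner wants before pasting anything: that the certificate really belongs to the private key, and that the certificate is not about to expire. The certificate subject saml.example.invalid is a constructed placeholder; the helper names are this example's own.

```shell
#!/bin/sh
# Added example (not from the page or the UAS product): generate a SAML key pair,
# verify it, and strip the PEM armor for the UAS settings fields.
# Assumes OpenSSL 1.1 or later on the PATH. File names follow the page.
set -eu

# Generate a 3072-bit RSA key and a self-signed certificate valid for 365 days.
# -subj suppresses the interactive prompts; the CN below is a placeholder.
# Argument: directory in which to write saml.crt and saml.pem.
generate_saml_keypair() {
    dir=$1
    openssl req -new -x509 -days 365 -nodes -sha256 \
        -newkey rsa:3072 \
        -subj "/CN=saml.example.invalid" \
        -out "$dir/saml.crt" -keyout "$dir/saml.pem" 2>/dev/null
}

# A certificate is only useful with the key it was issued for: compare the
# public key embedded in saml.crt with the public key derived from saml.pem.
# Succeeds (exit 0) when they are identical.
keypair_matches() {
    cert_pub=$(openssl x509 -in "$1/saml.crt" -noout -pubkey)
    key_pub=$(openssl pkey -in "$1/saml.pem" -pubout)
    [ "$cert_pub" = "$key_pub" ]
}

# Certificates expire and must be renewed. Succeeds while the certificate
# remains valid for at least $2 more seconds; fails once that window is reached.
cert_valid_for() {
    openssl x509 -in "$1/saml.crt" -noout -checkend "$2" >/dev/null
}

# The UAS fields take only the base64 body: drop the BEGIN/END lines and join
# the remaining lines. Works for both the .crt and the .pem file.
pem_body() {
    grep -v -- '-----' "$1" | tr -d '\r\n'
}

# Usage, from the directory that should hold saml.crt and saml.pem:
#   generate_saml_keypair . && keypair_matches . && cert_valid_for . 2592000
#   pem_body saml.crt   # paste into the public key field
#   pem_body saml.pem   # paste into the private key field
```

The 2592000 in the usage line is 30 days in seconds; running the same check from a scheduled job gives you warning before an expired certificate breaks SAML authentication. Keep the output of pem_body saml.pem out of shell history and logs, since it is the private key in plain text.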