How to create a self-signed x509 certificate with both private and public keys?

single-sign-on x509certificate adfs2.0 saml-2.0
21,391

Solution 1

In order to generate a self-signed cert you need openssl library so:

Debian: apt-get install openssl

Centos/RedHat: yum install openssl

Then follow this 3 steps:

  • Generate private key:

    openssl genrsa -out server.pem 2048

  • Generate CSR: (In the "Common Name" set the domain of your service provider app)

    openssl req -new -key server.pem -out server.csr

  • Generate Self Signed Cert

    openssl x509 -req -days 365 -in server.csr -signkey server.pem -out server.crt

At the end of the process you will get server.csr (certificate signing request), server.pem (private key) and server.crt (self signed cert)

In windows you can use makecert.exe

Solution 2

I used the SelfSSL tool for Windows when putting together an ADFS proof of concept. Specifically, this guy has an enhanced version for IIS7.

A sample command:

selfssl7.exe /N cn=www.example.com /K 2048 /V 3652 /X /F C:\example.pfx /W foo

Generates "example.pfx" file with a 2048-bit key, valid for ~10 years, with password "foo" protecting the private key, with common name "www.example.com". You can import this to your local machine's certificate store and then export it as a .cer file with or without the private key info as desired.

Share:
21,391
Brian David Berman
Author by

Brian David Berman

Updated on April 24, 2020

Comments

  • Brian David Berman
    Brian David Berman about 4 years

    I am creating an SSO "proof of concept" using SAML2 and ADFS2 (IdP). Log In is working fine, however ADFS2 is requiring that my Logout request be signed (with a private key) and then I would imagine that I would then add that very same certificate (.cer file) under the Signature tab within my Relying Party Trusts in ADFS2. The only problem is that I don't have a certificate for my app (service provider). I understand that I can create a self-signed cert for this purpose but I can't seem to figure out how to create one with everything I need.

  • Brian David Berman
    Brian David Berman over 11 years
    It seems that ADFS is requiring a .cer, .sst or .p7b file. Are either of those possible with your solution?
  • smartin
    smartin over 11 years
    You can use x509 cert for "Token-signing certificate" in ADFS 2.0: technet.microsoft.com/en-us/library/dd807040%28v=WS.10%29.as‌​px The .pb7 is a cert file of the type application/x-pkcs7-certificates To convert from the actual format (PEM or DER) to the pkcs7 format, you can execute: openssl crl2pkcs7 -nocrl -certfile server.crt -out server.p7b .The .sst files are in format application/vnd.ms-pki.certstore Don't know how convert it with openssl
  • smartin
    smartin over 11 years
    .crt and .pem are extension that I used. You can rename them: server.pem to server-private-key.cer server.crt to server-self-signed-cert.cer
  • Brian David Berman
    Brian David Berman over 11 years
    @Sean - And this cert will be able to be used as a way to sign (private key) a Single Log Out request (for example) sent over to ADFS in which ADFS uses the public key to verify? Thanks so much.
  • Brian David Berman
    Brian David Berman over 11 years
    Sean - When I go to export with private key, I don't get .cer as an option, only .pfx. Is that normal?
  • Sean Hanley
    Sean Hanley over 11 years
    @Brian Yes, that's normal. CER format cannot carry additional data like the private key. I believe PFX is more like a container format for lots of different kinds of security data, so it can handle bundling a certificate and key together.
  • smartin
    smartin about 9 years
    You can also use this online tool: samltool.com/self_signed_certs.php
  • tony.0919
    tony.0919 almost 9 years
    You can use openssl req -new -x509 -key privateKey.pem -out cert.cer -days 365 to create a .cer format file from private key.
  • smartin
    smartin about 6 years
    Is also important when generating the pivate key to do it to a robust alg, for example use the -sha512 option

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Steps to implement SSO for php application
Is there a way to provide SAML sp implementation using an Apache filter?
SAML LogOutRequest processing failed on ADFS server
SimpleSamlPhp as SP redirects incorrectly
How to implement openAM SSO to my existing web applications
SAML based SSO with Laravel
What is the correct format for SAML 2.0 Assertions?
SAML Signature verification failed
How to parse a SAML assertion request in .Net
SAML simple example for beginners