Appendix - Creating Certificates

Creating a Self-Signed Certificate - Windows

  1. Download a copy of an OpenSSL Binary from this site:

  2. Open a command prompt.

  3. mkdir c:\<hostname>

  4. cd /d c:\<hostname>

  5. set RANDFILE=c:\<hostname>.rnd

  6. set OPENSSL_CONF=c:\OpenSSL-Win32\bin\openssl.cfg

  7. c:\OpenSSL-Win32\bin\openssl.exe

  8. genrsa -out <hostname>.key 2048

  9. req -new -x509 -days 3652 -key <hostname>.key -out <hostname>.pem

  10. Enter the following data. Be sure the common name matches the Hostname or IP. Just hit “enter” for Email.

Country Name (2 letter code) []: US
State or Province Name (full name) []: California
Locality Name (e.g., city) []: San Francisco
Organization Name (e.g., company) []: Flying Cars, Inc.
Organizational Unit Name (e.g., section) []: Corporate
Common Name (e.g., web.stanford.edu) []: www.flyingcars.com [This needs to match the HOSTNAME/IP of the SSO Connect configuration]
Email Address []: cto@flyingcars.com

  11. pkcs12 -inkey <hostname>.key -in <hostname>.pem -export -out <hostname>.pfx

Creating a PKCS#12 Signed Certificate from an Existing Certificate - Windows

Download a copy of an OpenSSL Binary from this site:

Open a command prompt and enter:

mkdir c:\<hostname>
cd /d c:\<hostname>
set OPENSSL_CONF=c:\OpenSSL-Win32\bin\openssl.cfg
c:\OpenSSL-Win32\bin\openssl.exe

Place your private key (e.g. privateKey.key), your certificate containing the public key (e.g. certificate.crt), and the CA certificate chain (e.g. CACert.crt) in this folder. Then run this command at the OpenSSL> prompt:

pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

You may be prompted for the passphrase on the private key. The output file certificate.pfx can be uploaded into the SSO Connect interface. If a keystore passphrase was set, enter that passphrase on the SSO Connect interface.
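
Before uploading a .pfx from either procedure above, it can be checked for the two things that most often go wrong: a missing private key and a Common Name that does not match the SSO Connect hostname. The following is an added example, not part of the original procedure or of SSO Connect; Test-SsoPfx, constructed-demo.pfx and demo-pass are hypothetical names, and it assumes PowerShell 7 or Windows PowerShell 5.1 with .NET Framework 4.7.2 or later.

```powershell
# Added example. Test-SsoPfx is a hypothetical helper name, not a product cmdlet.
function Test-SsoPfx {
    param(
        [Parameter(Mandatory)] [string] $Path,          # .pfx written by the pkcs12 step
        [Parameter(Mandatory)] [string] $ExpectedHost,  # hostname/IP configured in SSO Connect
        [string] $Password = ''                         # export passphrase, if one was set
    )
    $full = (Resolve-Path -LiteralPath $Path).Path      # .NET needs an absolute path
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($full, $Password)
    try {
        $cn  = $cert.GetNameInfo(
                   [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
        $now = Get-Date
        [pscustomobject]@{
            CommonName     = $cn
            HostMatches    = ($cn -eq $ExpectedHost)    # -eq ignores case for strings
            HasPrivateKey  = $cert.HasPrivateKey        # the PFX must carry the private key
            KeyBits        = if ($rsa) { $rsa.KeySize } else { $null }
            NotAfter       = $cert.NotAfter
            CurrentlyValid = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
        }
    } finally { $cert.Dispose() }
}

# Constructed demo input: a throwaway self-signed certificate, not a real one.
$key  = [System.Security.Cryptography.RSA]::Create(2048)
$req  = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
            'CN=www.flyingcars.com', $key,
            [System.Security.Cryptography.HashAlgorithmName]::SHA256,
            [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$demo = $req.CreateSelfSigned([DateTimeOffset]::Now.AddMinutes(-5), [DateTimeOffset]::Now.AddDays(3652))
$tmp  = Join-Path ([System.IO.Path]::GetTempPath()) 'constructed-demo.pfx'
$pfx  = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx
[System.IO.File]::WriteAllBytes($tmp, $demo.Export($pfx, 'demo-pass'))

Test-SsoPfx -Path $tmp -ExpectedHost 'www.flyingcars.com' -Password 'demo-pass'
Remove-Item -LiteralPath $tmp
```

For a real file, call Test-SsoPfx with the path to <hostname>.pfx or certificate.pfx and the hostname or IP configured in SSO Connect; HostMatches, HasPrivateKey and CurrentlyValid should all be True.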