Appendix - Creating Certificates

Creating a new SSL Certificate signed by a Certificate Authority - Windows
1.
Download a copy of the OpenSSL 32-bit binary from https://slproweb.com/products/Win32OpenSSL.html​
2.
Install OpenSSL to C:\OpenSSL-Win32
3.
If prompted during installation, copy OpenSSL DLLs to the /bin directory
4.
Once installed, open a Command Prompt (cmd.exe) and run the following commands:
cd C:\OpenSSL-Win32\bin
set OPENSSL_CONF=C:\OpenSSL-Win32\bin\openssl.cfg
openssl genrsa -out keeper-sso.key 2048
openssl req -new -key keeper-sso.key -out keeper-sso_csr.txt
5.
You will then be prompted with a series of questions -- answer the questions with information pertinent to your organization. Example:
1
Country Name (2 letter code) []: US
2
State or Province Name (full name) []: California
3
Locality Name (e.g., city) []: San Francisco
4
Organization Name (e.g., company) []: Flying Cars, Inc.
5
Organizational Unit Name (e.g., section) []: Corporate
6
Common Name (e.g., web.stanford.edu) []: www.flyingcars.com [This needs to match the HOSTNAME of the SSO Connect configuration]
7
Email Address []: [email protected]
Copied!
Once completed, your new CSR file (keeper-sso_csr.txt) will be generated. Make note of the path of the CSR file (it should be in C:\OpenSSL-Win32\bin).
10. Upload the CSR file to your organization’s SSL Certificate provider, or purchase an SSL certificate from one of the following providers:

Comodo/Sectigo
​GoDaddy 
Namecheap 
​Network Solutions 
​Thawte​
You can also get a free 30 day SSL certificate which is a great way to verify if everything is working before you purchase an SSL cert. The following providers provide free SSL certificates:
​Comodo 
​SSL.com (90 days)
ZeroSSL​
Follow your vendor’s instructions for completing the certificate request. You will then need to wait for your certificate to be issued by your SSL Certificate provider. This can take anywhere between 5 minutes and 24 hours -- check with your vendor regarding their turnaround time.
11.  Once you receive your newly issued certificate bundle (usually a .zip file), place the public key (e.g. certificate.crt), and any other intermediate certificates (e.g. CACert.crt, USERTrust.crt, etc.) in C:\OpenSSL-Win32\bin. The private key file you created (keeper-sso.key) should already be in this directory. 
12.  Open a Command Prompt (cmd.exe) and run the following commands:
cd C:\OpenSSL-Win32\bin

openssl pkcs12 -export -out keeper-sso.pfx -inkey keeper-sso.key -in keeper-sso.crt -certfile CAcert.crt -certfile IntermediateCert.crt
You will be prompted to enter a password to protect the generated PFX file. You willl need this password when importing the PFX file into Keeper SSOConnect.

15. Back in SSO Connect, click “⚙️Configuration”:
16. Drag or upload the keeper-sso.pfx file you just generated into SSO Connect:
17. Click “Save” in the upper right hand corner of SSO Connect and your certificate configuration should be complete.

Creating a PKCS#12 Signed Certificate from an Existing Certificate - Windows
Download a copy of an OpenSSL Binary from this site:
​https://slproweb.com/products/Win32OpenSSL.html​
Open a command prompt and enter:
1
mkdir c:<hostname>
2
cd <hostname>
3
set OPENSSL_CONF=c:\OpenSSL-Win32\bin\openssl.cfg
4
c:\OpenSSL-Win32\bin\openssl.exe
Copied!
Place your private key (e.g. privateKey.key), public key (e.g. certificate.crt), and the CA certificate chain (e.g. CACert.crt) in this folder. Then run this command:
1
 openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
Copied!
You may get prompted for the passphrase on the private key. The output file certificate.pfx can be uploaded into the SSO Connect interface. If a keystore passphrase was set, enter the passphrase on the SSO Connect interface.

Troubleshooting & FAQs

Technical Support

Last modified 1yr ago

Export as PDF

Copy link

Contents

Creating a new SSL Certificate signed by a Certificate Authority - Windows

Creating a PKCS#12 Signed Certificate from an Existing Certificate - Windows