Appendix - Creating Certificates
Download a copy of the OpenSSL 32-bit binary from https://slproweb.com/products/Win32OpenSSL.html
Install OpenSSL to C:\OpenSSL-Win32
If prompted during installation, copy OpenSSL DLLs to the /bin directory
Once installed, open a Command Prompt (cmd.exe) and run the following commands:
cd C:\OpenSSL-Win32\bin set OPENSSL_CONF=C:\OpenSSL-Win32\bin\openssl.cfg openssl genrsa -out keeper-sso.key 2048 openssl req -new -key keeper-sso.key -out keeper-sso_csr.txtYou will then be prompted with a series of questions -- answer the questions with information pertinent to your organization. Example:
Country Name (2 letter code) []: USState or Province Name (full name) []: CaliforniaLocality Name (e.g., city) []: San FranciscoOrganization Name (e.g., company) []: Flying Cars, Inc.Organizational Unit Name (e.g., section) []: CorporateCommon Name (e.g., web.stanford.edu) []: www.flyingcars.com [This needs to match the HOSTNAME of the SSO Connect configuration]Email Address []: [email protected]
Once completed, your new CSR file (keeper-sso_csr.txt) will be generated. Make note of the path of the CSR file (it should be in C:\OpenSSL-Win32\bin).
10. Upload the CSR file to your organization’s SSL Certificate provider, or purchase an SSL certificate from one of the following providers: Comodo/Sectigo GoDaddy Namecheap Network Solutions Thawte
You can also get a free 30 day SSL certificate which is a great way to verify if everything is working before you purchase an SSL cert. The following providers provide free SSL certificates:
Comodo SSL.com (90 days) ZeroSSL
Follow your vendor’s instructions for completing the certificate request. You will then need to wait for your certificate to be issued by your SSL Certificate provider. This can take anywhere between 5 minutes and 24 hours -- check with your vendor regarding their turnaround time.
11. Once you receive your newly issued certificate bundle (usually a .zip file), place the public key (e.g. certificate.crt), and any other intermediate certificates (e.g. CACert.crt, USERTrust.crt, etc.) in C:\OpenSSL-Win32\bin. The private key file you created (keeper-sso.key) should already be in this directory.
12. Open a Command Prompt (cmd.exe) and run the following commands:
cd C:\OpenSSL-Win32\bin
openssl pkcs12 -export -out keeper-sso.pfx -inkey keeper-sso.key -in keeper-sso.crt -certfile CAcert.crt -certfile IntermediateCert.crt
You will be prompted to enter a password to protect the generated PFX file. You willl need this password when importing the PFX file into Keeper SSOConnect. 15. Back in SSO Connect, click “⚙️Configuration”:
16. Drag or upload the keeper-sso.pfx file you just generated into SSO Connect:
17. Click “Save” in the upper right hand corner of SSO Connect and your certificate configuration should be complete.
Download a copy of an OpenSSL Binary from this site:
Open a command prompt and enter:
mkdir c:<hostname>cd <hostname>set OPENSSL_CONF=c:\OpenSSL-Win32\bin\openssl.cfgc:\OpenSSL-Win32\bin\openssl.exe
Place your private key (e.g. privateKey.key), public key (e.g. certificate.crt), and the CA certificate chain (e.g. CACert.crt) in this folder. Then run this command:
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
You may get prompted for the passphrase on the private key. The output file certificate.pfx can be uploaded into the SSO Connect interface. If a keystore passphrase was set, enter the passphrase on the SSO Connect interface.
