Appendix - Creating Certificates
Download a copy of an OpenSSL Binary from this site: https://slproweb.com/products/Win32OpenSSL.html
Run as admin and take the default settings
Open command prompt
mkdir c:\<hostname>
cd \<hostname>
set RANDFILE=c:\<hostname>\.rnd
set OPENSSL_CONF=c:\OpenSSL-Win32\bin\openssl.cfg
c:\OpenSSL-Win32\bin\openssl.exe
genrsa -out <hostname>.key 2048
req -new -x509 -days 3652 -key <hostname>.key -out <hostname>.pem
Enter in the following data. Be sure the common name matches the Hostname or IP. Just hit “enter” for Email.
Country Name (2 letter code) []: US
State or Province Name (full name) []: California
Locality Name (e.g., city) []: Stanford
Organization Name (e.g., company) []: Stanford University
Organizational Unit Name (e.g., section) []: University IT
Common Name (e.g., web.stanford.edu) []: example.stanford.edu [This needs to match the HOSTNAME/IP of the SSO Connect configuration]
Email Address []:
12. pkcs12 -inkey <hostname>.key -in <hostname>.pem -export -out <hostname>.pfx
Download a copy of an OpenSSL Binary from this site:
Run as admin and take the default settings. Open command prompt:
mkdir c:\<hostname>
cd \<hostname>
set OPENSSL_CONF=c:\OpenSSL-Win32\bin\openssl.cfg
c:\OpenSSL-Win32\bin\openssl.exe
Place your private key (e.g. privateKey.key) and public key (e.g. certificate.crt) and the CA certificate chain (e.g. CACert.crt) in this folder. Then run this command:
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
You may get prompted for the passphrase on the private key. The output file (certificate.pfx) can be uploaded into SSO Connect interface. If a keystore passphrase was set, enter the passphrase on the SSO Connect interface.