How to create a self-signed x509 certificate with both private and public keys?
I am creating an SSO "proof of concept" using SAML2 and ADFS2 (IdP). Log In is working fine, however ADFS2 is requiring that my Logout request be signed (with a private key) and then I would imagine that I would then add that very same certificate (.cer file) under the Signature tab within my Relying Party Trusts in ADFS2. The only problem is that I don't have a certificate for my app (service provider). I understand that I can create a self-signed cert for this purpose but I can't seem to figure out how to create one with everything I need.
Answer
In order to generate a self-signed cert you need openssl library so:
Debian:
apt-get install openssl
Centos/RedHat:
yum install openssl
Then follow this 3 steps:
Generate private key:
openssl genrsa -out server.pem 2048Generate CSR: (In the "Common Name" set the domain of your service provider app)
openssl req -new -key server.pem -out server.csrGenerate Self Signed Cert
openssl x509 -req -days 365 -in server.csr -signkey server.pem -out server.crt
At the end of the process you will get server.csr (certificate signing request), server.pem (private key) and server.crt (self signed cert)
In windows you can use makecert.exe