How to create a self-signed x509 certificate with both private and public keys?

Brian David Berman · Jan 22, 2013 · Viewed 17.4k times

I am creating an SSO "proof of concept" using SAML2 and ADFS2 (IdP). Log In is working fine, however ADFS2 is requiring that my Logout request be signed (with a private key) and then I would imagine that I would then add that very same certificate (.cer file) under the Signature tab within my Relying Party Trusts in ADFS2. The only problem is that I don't have a certificate for my app (service provider). I understand that I can create a self-signed cert for this purpose but I can't seem to figure out how to create one with everything I need.

Answer

smartin · Jan 22, 2013

In order to generate a self-signed cert you need the openssl library, so:

Debian: apt-get install openssl

Centos/RedHat: yum install openssl

Then follow these 3 steps:

  • Generate private key:

    openssl genrsa -out server.pem 2048

  • Generate CSR: (In the "Common Name" set the domain of your service provider app)

    openssl req -new -key server.pem -out server.csr

  • Generate Self Signed Cert

    openssl x509 -req -days 365 -in server.csr -signkey server.pem -out server.crt

At the end of the process you will get server.csr (certificate signing request), server.pem (private key) and server.crt (self-signed cert).

In Windows you can use makecert.exe.
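As an added example (not part of the answer above), the following POSIX shell helpers collapse the three steps into a single `openssl req -x509` call, export the DER-encoded `.cer` that the ADFS Signature tab imports, and verify that the private key actually belongs to the certificate before it is used to sign LogoutRequests. The function names, the output directory and the Common Name are hypothetical.

```shell
#!/bin/sh
# Generate an RSA private key plus a self-signed certificate in one openssl call,
# then export the public certificate as DER (.cer) for the ADFS Signature tab.
# Hypothetical helper; the directory and CN passed in are constructed examples.
make_sp_cert() {
  dir="$1"; cn="$2"; days="${3:-365}"
  mkdir -p "$dir"
  # -nodes : unencrypted key so the SP can sign LogoutRequests unattended
  # -sha256: SHA-1 signatures are rejected by modern ADFS, so sign with SHA-256
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$days" \
      -subj "/CN=$cn" -keyout "$dir/server.pem" -out "$dir/server.crt" 2>/dev/null \
      || return 1
  chmod 600 "$dir/server.pem"   # the private key never leaves the SP host
  # ADFS only needs the public part; a DER .cer is what its import dialog expects
  openssl x509 -in "$dir/server.crt" -outform DER -out "$dir/server.cer" 2>/dev/null
}

# Return 0 when the public key inside the certificate is derived from this key,
# i.e. the key we sign with is the one ADFS will verify against.
key_matches_cert() {
  key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  cert_pub=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 1
  [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Return 0 when the certificate is self-signed (issuer DN equals subject DN).
is_self_signed() {
  subj=$(openssl x509 -in "$1" -noout -subject 2>/dev/null) || return 1
  iss=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null) || return 1
  [ "${subj#subject=}" = "${iss#issuer=}" ]
}
```

`key_matches_cert` is the check worth running whenever a key or certificate is rotated, since ADFS reports a mismatched signature only as a generic failure on the Logout request.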