Generate and Download a Certificate Bundle for Service Providers and Identity Providers for the IDR SSO Agent
In the Cloud Administration Console, you can generate a certificate bundle that contains the private key, public certificate, and certificate signing request (CSR) that you need when configuring an identity provider (IdP) or a service provider (SP) in an IDR SSO Agent deployment. For more information about certificates, see Cloud Access Service Certificates.
| File | Description |
|---|---|
| cert.pem | The certificate in PEM-encoded format. This file contains the public key. A certificate is loaded into an IdP to validate signed identity requests or into an SP to validate signed identity assertions. |
| certsign.req | The certificate signing request (CSR) to send to your certificate authority (CA) requesting an identity certificate that has been digitally signed with the private key of the CA. This is not commonly used. |
| private.key | The private key file is loaded into an SP to sign identity requests or into an IdP to sign identity assertions. |
| public.key | Not used. |
For IdP and SP connections, you can generally use the certificate (cert.pem) file directly from the ZIP file. However, some environments may require certificates to be signed by a trusted certificate authority. In this case, you can send the certsign.req file to a certificate authority to be signed before uploading it to the appropriate endpoint.
Before you begin
You must be a Super Admin to perform this task.
Procedure
- In the Cloud Administration Console, navigate to one of the following Connection profile pages:
  - In the Add or Edit Connection wizard when you add or edit a SAML application.
  - In the Add Identity Provider wizard when you add or edit an identity provider.
- Click Generate Certificate Bundle.
  Either the Generate SAML Certificate dialog box or the Generate Identity Provider Certificate dialog box appears.
- In the Common Name (CN) field, enter the hostname of the HTTPS server for the service provider sending the authentication request, or the Integrated Windows Authentication (IWA) connector server.
- Click Generate and Download.
  The certificate bundle is generated in ZIP format and contains your private key. Store this information in a secure location to protect against unauthorized access.
- Download and extract the contents of the ZIP file.
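One way to carry out the extraction step so that private.key is never left readable by other local users. This is an added example, not RSA code; it assumes the ZIP holds the four files from the table above at the top level of the archive and that the host uses POSIX file permissions.

```python
import os
import zipfile
from pathlib import Path

# File names from the table on this page; a flat archive layout is an assumption.
EXPECTED = {"cert.pem", "certsign.req", "private.key", "public.key"}
SECRET = "private.key"


def extract_bundle(zip_path, dest_dir):
    """Extract the bundle into dest_dir (0700) and write private.key as 0600.

    Returns {file name: Path}. Raises ValueError when the archive holds any
    entry other than the expected names (this also rejects '../' paths).
    """
    with zipfile.ZipFile(zip_path) as zf:
        names = [i.filename for i in zf.infolist() if not i.is_dir()]
        unexpected = sorted(set(names) - EXPECTED)
        if unexpected or SECRET not in names:
            raise ValueError(f"not a certificate bundle: {unexpected or 'no private.key'}")
        dest = Path(dest_dir)
        dest.mkdir(parents=True, exist_ok=True)
        os.chmod(dest, 0o700)  # set explicitly: mkdir's mode is subject to umask
        extracted = {}
        for name in names:
            mode = 0o600 if name == SECRET else 0o644
            # O_EXCL refuses to overwrite an existing key; the mode applies
            # at creation, so the key is never briefly world-readable.
            fd = os.open(dest / name, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
            with os.fdopen(fd, "wb") as fh:
                fh.write(zf.read(name))
            os.chmod(dest / name, mode)  # normalize in case umask removed bits
            extracted[name] = dest / name
    return extracted


def key_is_encrypted(key_path):
    """True if the PEM key is passphrase-protected (PKCS#8 or legacy header)."""
    text = Path(key_path).read_text(errors="replace")
    return "BEGIN ENCRYPTED PRIVATE KEY" in text or "Proc-Type: 4,ENCRYPTED" in text


if __name__ == "__main__":
    import sys
    files = extract_bundle(sys.argv[1], sys.argv[2])
    if not key_is_encrypted(files[SECRET]):
        print("private.key is not passphrase-protected; file permissions are its only protection")
```

The downloaded ZIP still contains the private key after extraction, so remove it from the browser's download folder or store it under the same restrictions.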
Concept Information
Certificates and Keys for Service Providers and Identity Providers for the SSO Agent
Trusted Certificate Authorities for HFED or Trusted Headers Applications
Related Tasks
Upload Certificates for Trusted Certificate Authorities
Delete a Trusted Certificate Authority Certificate
Reference Materials
List of Trusted Certificate Authorities for HFED and Trusted Headers Applications