Generate and Download a Certificate Bundle for Service Providers and Identity Providers for the SSO Agent
In the Access Administration Console, you can generate a certificate bundle that contains the private key, public certificate, and certificate signing request (CSR) required for signing service provider-initiated (SP-initiated) authentication requests for SAML applications, and for configuring an identity provider in the Access Administration Console.
In the Cloud Administration Console, you can generate a certificate bundle that contains the private key, public certificate, and certificate signing request (CSR) that you need when configuring an identity provider (IdP) or a service provider (SP) in an SSO Agent deployment. For more information about certificates, see Cloud Authentication Service Certificates.
A certificate bundle zip file contains:
The certificate in PEM-encoded format. This file contains the public key. A certificate is loaded into an IdP to validate signed identity requests or into an SP to validate signed identity assertions.
The certificate signing request (CSR) to send to your certificate authority (CA) requesting an identity certificate that has been digitally signed with the private key of the CA. This is not commonly used.
The private key file is loaded into an SP to sign identity requests or into an IdP to sign identity assertions.
For IdP and SP connections you may generally use the certificate (cert.pem) file right from the zip file. However, some environments may require certificates to be signed by a trusted certificate authority. In this case you can send the certsign.req file to a certificate authority to be signed before uploading it to the appropriate endpoint.
Before you begin
You must be a Super Admin to perform this task.
In the Cloud Administration Console, navigate to one of the following Connection profile pages:
In the Add or Edit Connection wizard when you add or edit a SAML application.
In the Add Identity Provider wizard when you add or edit an identity provider.
Click Generate Certificate Bundle.
Either the Generate SAML Certificate dialog box or the Generate Identity Provider Certificate dialog box appears.
In the Common Name (CN) field, enter the hostname of the HTTPS server for the service provider sending the authentication request, or the Integrated Windows Authentication (IWA) connector server.
Click Generate and Download.
The certificate bundle is generated in ZIP format and contains your private key. Store this information in a secure location to protect against unauthorized access.
Download and extract the contents of the ZIP file.