Generate and Download a Certificate Bundle for Service Providers and Identity Providers for the IDR SSO Agent
In the Cloud Administration Console, you can generate a certificate bundle that contains the private key, public certificate, and certificate signing request (CSR) that you need when configuring an identity provider (IdP) or a service provider (SP) in an IDR SSO Agent deployment. For more information about certificates, see Cloud Authentication Service Certificates.
File | Description |
---|---|
cert.pem | The certificate in PEM-encoded format. This file contains the public key. A certificate is loaded into an IdP to validate signed identity requests or into an SP to validate signed identity assertions. |
certsign.req | The certificate signing request (CSR) to send to your certificate authority (CA) requesting an identity certificate that has been digitally signed with the private key of the CA. This is not commonly used. |
private.key | The private key file is loaded into an SP to sign identity requests or into an IdP to sign identity assertions. |
public.key | Not used. |
For IdP and SP connections, you can generally use the certificate (cert.pem) file directly from the ZIP file. However, some environments may require certificates to be signed by a trusted certificate authority. In this case, you can send the certsign.req file to a certificate authority to be signed, and then upload the signed certificate to the appropriate endpoint.
Before you begin
You must be a Super Admin to perform this task.
Procedure
- In the Cloud Administration Console, navigate to one of the following Connection profile pages:
  - In the Add or Edit Connection wizard when you add or edit a SAML application.
  - In the Add Identity Provider wizard when you add or edit an identity provider.
- Click Generate Certificate Bundle.
  Either the Generate SAML Certificate dialog box or the Generate Identity Provider Certificate dialog box appears.
- In the Common Name (CN) field, enter the hostname of the HTTPS server for the service provider sending the authentication request, or the Integrated Windows Authentication (IWA) connector server.
- Click Generate and Download.
  The certificate bundle is generated in ZIP format and contains your private key. Store this information in a secure location to protect against unauthorized access.
- Download and extract the contents of the ZIP file.
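One way to carry out the extraction step so that private.key is never readable by other accounts on the machine, shown as an added example that is not part of the original documentation. It assumes a POSIX host and a bundle containing only the four files listed in the table above; `extract_bundle` and `is_owner_only` are hypothetical helper names.

```python
import os
import stat
import zipfile

# File names the page lists for the bundle.
EXPECTED = {"cert.pem", "certsign.req", "private.key", "public.key"}
REQUIRED = {"cert.pem", "private.key"}


def extract_bundle(zip_path, dest_dir):
    """Extract the bundle into dest_dir; return {file name: extracted path}."""
    with zipfile.ZipFile(zip_path) as bundle:
        members = {}
        for info in bundle.infolist():
            if info.is_dir():
                continue
            # Use only the base name, so a crafted member path cannot
            # write outside dest_dir.
            name = os.path.basename(info.filename)
            if name not in EXPECTED or name in members:
                raise ValueError(f"unexpected bundle member: {info.filename!r}")
            members[name] = bundle.read(info)

    missing = REQUIRED - members.keys()
    if missing:
        raise ValueError(f"bundle is missing: {sorted(missing)}")
    # The page describes cert.pem as PEM-encoded, so it must carry this header.
    if not members["cert.pem"].lstrip().startswith(b"-----BEGIN CERTIFICATE-----"):
        raise ValueError("cert.pem is not a PEM certificate")

    os.makedirs(dest_dir, mode=0o700, exist_ok=True)
    os.chmod(dest_dir, 0o700)  # also tighten a directory that already existed
    paths = {}
    for name, data in members.items():
        # Only the private key is secret; create it owner-only from the start.
        # O_EXCL refuses to overwrite or follow a pre-planted file.
        mode = 0o600 if name == "private.key" else 0o644
        path = os.path.join(dest_dir, name)
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
        with os.fdopen(fd, "wb") as out:
            out.write(data)
        paths[name] = path
    return paths


def is_owner_only(path):
    """True when neither group nor others have any access to path."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0
```

All validation happens before anything is written, so a rejected archive leaves no files behind.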
Related Concepts
Certificates and Keys for Service Providers and Identity Providers for the SSO Agent
Trusted Certificate Authorities for HFED or Trusted Headers Applications
Related Tasks
Upload Certificates for Trusted Certificate Authorities
Delete a Trusted Certificate Authority Certificate
Related References
List of Trusted Certificate Authorities for HFED and Trusted Headers Applications