There are various ways to create certificates; this guide uses IIS Manager to create a self-signed certificate. The steps are shown below:
- Open IIS
- Select the server node on the left
- Open “Server Certificates” in the features view
- Click “Create Self Signed Certificate” on the right-side panel
- Choose a certificate name and click OK
- Double click the certificate you just created
- On the details tab (in popup UI) click “Copy to file”
- Click next
- To create the public key or private key certificate, follow the steps below:
i. Public Key Certificate
- Select “No, do not export the private key” and click next
- Leave “DER encoded binary” selected and click next
- Choose a path and provide a filename to save it to, click next, then finish
ii. Private Key Certificate
- Select “Yes, export the private key” and click next
- Leave “Personal Information Exchange” selected and click next
- Provide password and click next (remember password as you will need it later)
- Choose a path to save it to and click next then finish
iii. Get private key from Private Key Certificate
- Use OpenSSL to get the RSA private key from the private key certificate. Download the required (latest) version of OpenSSL from: http://slproweb.com/products/Win32OpenSSL.html
- Install OpenSSL
- Go to the bin directory in the installation location. For example: C:\OpenSSL-Win32\bin
- Open openssl.exe
(Note: if OpenSSL doesn’t open properly, skip the following steps and follow the Alternative Method found below this Annex)
- Execute the command shown below to convert PFX to PEM:
pkcs12 -in <pfx file> -out <PrivateKey.key> -nodes
For example:
OpenSSL> pkcs12 -in D:\IdP\private-key-certificate.pfx -out D:\IdP\PrivateKey.key -nodes
- Open the PrivateKey.key file. If the file contains “BEGIN RSA PRIVATE KEY” and “END RSA PRIVATE KEY”, skip step #7 and go to step #8. Otherwise, continue with step #7.
- Execute the command shown below to get the RSA private key:
rsa -in <Privatekey.key> -out <RSA_Privatekey.key>
For example:
OpenSSL> rsa -in D:\IdP\PrivateKey.key -out D:\IdP\RSA_PrivateKey.key
NOTE: All the text between “BEGIN RSA PRIVATE KEY” and “END RSA PRIVATE KEY” is the required private key. By default, the key is split across multiple lines.
- Put all the private key characters on a single line and copy them.
- Open the VenioSetup.ini file found in API and paste the key as the value of “IdP_Privatekey”. For example:
[IDP Settings]
SP_Issuer= http://192.168.169.98/VenioWeb
IdP_Privatekey =
MIIEowIBAAKCAQEA6N2zSEdXFRIx3ERt4H3ubQ6muSBODAusMx8o7GzrgJbNciGJjaVjRx6OIVN2nZ VEL5dDGn6+yc7ohFlz/Lf4Dk6s
Alternative Method (if OpenSSL doesn’t open properly)
- Open Command Prompt (cmd) and run the following OpenSSL commands directly
To convert PFX to PEM:
openssl pkcs12 -in <pfx file> -out <PrivateKey.key> -nodes
For example:
openssl pkcs12 -in C:\IdP\private-key-certificate.pfx -out C:\IdP\PrivateKey.key -nodes
- Open the PrivateKey.key file. If the file contains “BEGIN RSA PRIVATE KEY” and “END RSA PRIVATE KEY”, skip step #3 and go to step #4. Otherwise, continue with step #3.
- Execute the command shown below to get the RSA private key:
openssl rsa -in <Privatekey.key> -out <RSA_Privatekey.key> -traditional
For example:
openssl rsa -in C:\IdP\PrivateKey.key -out C:\IdP\RSA_Privatekey.key -traditional
NOTE: All the text between “BEGIN RSA PRIVATE KEY” and “END RSA PRIVATE KEY” is the required private key. By default, the key is split across multiple lines.
- Put all the private key characters on a single line and copy them.
- Open the VenioSetup.ini file found in API and paste the key as the value of “IdP_Privatekey”. For example:
[IDP Settings]
SP_Issuer= http://abc.veniosystems.com/Venioweb
IdP_Privatekey =
MIIEowIBAAKCAQEA6N2zSEdXFRIx3ERt4H3ubQ6muSBODAusMx8o7GzrgJbNciGJjaVjRx6OIVN2nCg/4Z3p1Su/Dth5H7xmX93z00eJvSllKPcu3V7haPAJEeqUUpyI6RDt63tkMtGy1zOz6dR8qYvbi5zlo4qGi2amD7jFb4wNnU2Y/Chf1MhyVG7BwFEy0dQTyg/cRr/eCnZ VEL5dDGn6+yc7ohFlz/Lf4Dk6s
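
The step of putting all private key characters on a single line can be scripted instead of edited by hand, which also catches a file that skipped the "rsa" conversion. The PowerShell below is an added example, not part of the original guide or of the product; the function name ConvertTo-SingleLineRsaKey and the sample key text are constructed for illustration.

```powershell
# Added example: flatten the "BEGIN RSA PRIVATE KEY" block of a PEM file into
# the single-line value expected by IdP_Privatekey. Function name is hypothetical.
function ConvertTo-SingleLineRsaKey {
    param([Parameter(Mandatory)][string]$PemText)

    # "pkcs12 -nodes" output can also hold "Bag Attributes" text and CERTIFICATE
    # blocks, so pick out only the traditional RSA key block.
    $pattern = '-----BEGIN RSA PRIVATE KEY-----(?<body>[\s\S]*?)-----END RSA PRIVATE KEY-----'
    $m = [regex]::Match($PemText, $pattern)
    if (-not $m.Success) {
        if ($PemText -match '-----BEGIN PRIVATE KEY-----') {
            throw 'Found "BEGIN PRIVATE KEY" (PKCS#8); run the "openssl rsa" step first.'
        }
        throw 'No "BEGIN RSA PRIVATE KEY" block found.'
    }

    $body = $m.Groups['body'].Value
    # A passphrase-protected traditional key carries Proc-Type/DEK-Info headers.
    if ($body -match 'Proc-Type:') {
        throw 'Key block is encrypted; export it without a passphrase (-nodes).'
    }

    # Remove every line break and space so the key sits on one line.
    $oneLine = $body -replace '\s', ''

    # Sanity check: must be valid base64 and decode to a DER SEQUENCE (0x30).
    try { $der = [Convert]::FromBase64String($oneLine) }
    catch { throw 'Key body is not valid base64.' }
    if ($der.Length -eq 0 -or $der[0] -ne 0x30) {
        throw 'Decoded key does not start with a DER SEQUENCE.'
    }
    return $oneLine
}

# Constructed sample input (not a real key), shaped like "pkcs12 -nodes" output.
$sample = @'
Bag Attributes
    friendlyName: constructed-sample
-----BEGIN RSA PRIVATE KEY-----
MIIBAAAAAAAAAAAA
AAAAAAAAAAAAAAAA
-----END RSA PRIVATE KEY-----
'@

# For a real file: ConvertTo-SingleLineRsaKey -PemText (Get-Content -Raw C:\IdP\RSA_Privatekey.key)
'IdP_Privatekey = ' + (ConvertTo-SingleLineRsaKey -PemText $sample)
```

PrivateKey.key and RSA_Privatekey.key hold the private key unencrypted (that is what -nodes does), so restrict access to them and delete them once the value is in VenioSetup.ini.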