Creating a key store for SAML

This tutorial shows how to create a key store containing a private key and a certificate suitable for the SAML configuration.

Many freely available tools can do this. The examples below use the Java keytool (a command-line tool that is part of the Java JRE or JDK) and Keystore Explorer (a free graphical tool).

Using Java keytool

Generate a new key store airlock-iam-idp.jks:

keytool -genkeypair -keyalg RSA -keysize 2048 -keystore ./airlock-iam-idp.jks -alias "airlock-iam-idp"

Export the certificate containing the public key to airlock-iam-idp-public.pem:

keytool -exportcert -rfc -keystore ./airlock-iam-idp.jks -alias "airlock-iam-idp" -file airlock-iam-idp-public.pem
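
The two keytool commands above as a non-interactive script, followed by a check that the exported file holds a single certificate matching the key store entry. This is an added example, not part of the original tutorial; the KS_PASS environment variable, the subject DN and the 730-day validity in the usage line are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Assumed values: the KS_PASS
# environment variable, the subject DN and the validity passed by the caller.
KS=./airlock-iam-idp.jks
ALIAS=airlock-iam-idp
PEM=./airlock-iam-idp-public.pem

# create_saml_keystore DN DAYS: both commands from above, without prompts.
create_saml_keystore() {
    # keytool rejects passwords shorter than 6 characters; fail early instead.
    [ "${#KS_PASS}" -ge 6 ] || { echo "set KS_PASS (6+ characters)" >&2; return 2; }
    # Refuse to touch an existing store rather than add a key to it.
    [ ! -e "$KS" ] || { echo "$KS already exists" >&2; return 3; }
    export KS_PASS   # the :env modifier reads the password from the environment
    # -validity is explicit because keytool's default is only 90 days.
    keytool -genkeypair -keyalg RSA -keysize 2048 -dname "$1" -validity "$2" \
        -keystore "$KS" -alias "$ALIAS" \
        -storepass:env KS_PASS -keypass:env KS_PASS || return 1
    chmod 600 "$KS"  # the store holds the private signing key
    keytool -exportcert -rfc -keystore "$KS" -alias "$ALIAS" \
        -storepass:env KS_PASS -file "$PEM"
}

# pem_is_cert_only FILE: exactly one certificate and no private key material.
pem_is_cert_only() {
    [ "$(grep -c -- '-----BEGIN CERTIFICATE-----' "$1")" -eq 1 ] &&
        ! grep -q 'PRIVATE KEY' "$1"
}

# Pick the SHA-256 fingerprint line out of keytool's verbose output.
sha256_of() { sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1; }

# verify_export: the PEM must match the store entry; prints the fingerprint.
verify_export() {
    pem_is_cert_only "$PEM" || return 1
    from_pem=$(keytool -printcert -file "$PEM" | sha256_of)
    from_ks=$(keytool -list -v -keystore "$KS" -alias "$ALIAS" \
        -storepass:env KS_PASS | sha256_of)
    [ -n "$from_pem" ] && [ "$from_pem" = "$from_ks" ] && echo "$from_pem"
}

# Usage: KS_PASS='...'; create_saml_keystore "CN=idp.example.test" 730 && verify_export
```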

Using Keystore Explorer

The tool is available here:

Create a new key store:

  • File/New (and follow instructions)

Generate and add new key pair to key store:

  • Tools/Generate Key Pair (and follow instructions to create an RSA key)

Get the public key:

  • Double-click on the key (info window will open)
  • Click the button "PEM" (opens a window containing the public key)