Creating a key store for SAML

This tutorial shows how to create a key store containing a private key and a certificate suitable for the SAML configuration.

Many freely available tools can do this. The examples below use the Java keytool (a command-line tool that is part of the Java JRE or JDK) and Keystore Explorer (a free graphical tool).

Using Java keytool

Generate the new key store airlock-iam-idp.jks:

keytool -genkeypair -keyalg RSA -keysize 2048 -keystore ./airlock-iam-idp.jks -alias "airlock-iam-idp"

Extract the public key, as a PEM-encoded certificate, to airlock-iam-idp-public.pem:

keytool -exportcert -rfc -keystore ./airlock-iam-idp.jks -alias "airlock-iam-idp" -file airlock-iam-idp-public.pem
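
A non-interactive form of the two keytool steps above, followed by a check of the exported file, as an added example that is not part of the original tutorial or the product's own documentation. The KS_PASS environment variable, the -dname subject and the -validity value are assumptions; without them keytool prompts for the password and subject and issues a certificate valid for 90 days.

```shell
#!/bin/sh
# Added example. KS_PASS (environment variable), the -dname subject and the
# -validity value are assumptions, not values from the tutorial.
KS=./airlock-iam-idp.jks
ALIAS=airlock-iam-idp
PEM=airlock-iam-idp-public.pem

# Read keytool's certificate printout on stdin, print the SHA-256 fingerprint.
sha256_of() {
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# Step 1 without prompts. :env keeps the password out of the process list.
create_keystore() {
    keytool -genkeypair -keyalg RSA -keysize 2048 \
        -keystore "$KS" -alias "$ALIAS" \
        -dname "CN=idp.example.com" -validity 730 \
        -storepass:env KS_PASS -keypass:env KS_PASS
}

# Step 2: export the certificate (public key only) in PEM form.
export_cert() {
    keytool -exportcert -rfc -keystore "$KS" -alias "$ALIAS" \
        -storepass:env KS_PASS -file "$PEM"
}

# Check the file before handing it to the SAML peer; prints the fingerprint.
verify_export() {
    # The exported file must never carry private key material.
    if grep -q 'PRIVATE KEY' "$PEM"; then
        echo "private key material found in $PEM" >&2; return 1
    fi
    # Exactly one certificate is expected.
    [ "$(grep -c 'BEGIN CERTIFICATE' "$PEM")" -eq 1 ] || return 1
    # The PEM must be the certificate stored under the alias.
    ks_fp=$(keytool -list -v -keystore "$KS" -alias "$ALIAS" \
        -storepass:env KS_PASS | sha256_of)
    pem_fp=$(keytool -printcert -file "$PEM" | sha256_of)
    [ -n "$ks_fp" ] && [ "$ks_fp" = "$pem_fp" ] || return 1
    echo "$pem_fp"
}
```

With KS_PASS exported, call create_keystore, export_cert and verify_export in that order. The fingerprint that verify_export prints can be confirmed with the SAML peer over a separate channel.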

Using Keystore Explorer

The tool is available here:

  1. Create a new key store:
     Go to File/New (and follow instructions).
  2. Generate and add new key pair to the key store:
     Tools/Generate Key Pair (and follow instructions to create an RSA key).
  3. Get the public key:
     1. Double click on the key (info window will open).
     2. Click the button "PEM" (opens a window containing the public key).