Creating a key store for SAML
This tutorial shows how to create a key store containing a private key and a certificate suitable for the SAML configuration.
Many freely available tools can do this. The examples below use the Java keytool
(a command-line tool that is part of the Java JRE or JDK) and Keystore Explorer (a free graphical tool).
Using Java keytool
Generate a new key store airlock-iam-idp.jks:
keytool -genkeypair -keyalg RSA -keysize 2048 -keystore ./airlock-iam-idp.jks -alias "airlock-iam-idp"
Export the certificate (which contains the public key) to airlock-iam-idp-public.pem:
keytool -exportcert -rfc -keystore ./airlock-iam-idp.jks -alias "airlock-iam-idp" -file airlock-iam-idp-public.pem
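The two keytool steps above can also be run without prompts, followed by a check that the exported file holds only a certificate. This is an added example, not part of the original tutorial; the function names, the KS_PASS variable, the DN and the 730-day validity are assumptions (keytool's default validity is 90 days).

```shell
#!/bin/sh
# Added example: non-interactive variant of the two keytool commands above.
# Assumed values: the KS_PASS variable name, the DN and the validity period.

# Create the key store without prompts. keytool reads the password from the
# environment variable KS_PASS (":env" modifier), so it does not appear in
# the process list or in the shell history.
create_saml_keystore() {
    keytool -genkeypair -keyalg RSA -keysize 2048 \
        -keystore "$1" -alias "$2" \
        -dname "CN=airlock-iam-idp" \
        -validity 730 \
        -storepass:env KS_PASS -keypass:env KS_PASS
    # The key store contains the private key: restrict it to its owner.
    chmod 600 "$1"
}

# Export the certificate in PEM form (-rfc), as in the tutorial.
export_saml_cert() {
    keytool -exportcert -rfc -keystore "$1" -alias "$2" \
        -file "$3" -storepass:env KS_PASS
}

# Return 0 only if the file holds exactly one certificate and no private
# key, i.e. it is safe to hand to the other SAML party.
pem_is_single_cert() {
    [ -r "$1" ] || return 1
    if grep -q -e 'PRIVATE KEY-----' "$1"; then return 1; fi
    [ "$(grep -c -e '^-----BEGIN CERTIFICATE-----' "$1")" -eq 1 ] || return 1
    [ "$(grep -c -e '^-----END CERTIFICATE-----' "$1")" -eq 1 ]
}
```

With KS_PASS exported, call `create_saml_keystore ./airlock-iam-idp.jks airlock-iam-idp`, then `export_saml_cert` with the same two arguments plus `airlock-iam-idp-public.pem`, and run `pem_is_single_cert` on the result before distributing it.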
Using Keystore Explorer
The tool is available here: http://keystore-explorer.org/
Create a new key store:
- Go to: File/New (and follow instructions).
Generate and add new key pair to the key store:
- Go to: Tools/Generate Key Pair (and follow instructions to create an RSA key).
Get the public key:
- Double click on the key (info window will open).
- Click the button “PEM” (opens a window containing the public key).