Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

The following uses the cross platform open-source Keystore Explorer (http://www.keystore-explorer.org/). Other tools are available.

Create a self-signed certificate in Keystore Explorer

  • Select "Create a new KeyStore"
  • Select JKS and then click OK
  • From the Tools menu select Generate Key Pair (or press CTRL+G)
  • Choose RSA with a keysize of 2048 and click OK
  • Click the book icon next to Name field and fill in Common Name (CN) with your application name and Organization Name (O) with your application host name
  • Click OK and then OK
  • Set the alias to "1" (no quotes)
  • When prompted for a new password just click OK
  • Hopefully you'll see a message saying creation successful
  • Select File -> Save
  • When prompted for password just click OK
  • Save as atacamaKeystore.jks
  • Double click on the newly created key pair
  • Click the PEM button bottom right
  • Copy the PEM including the BEGIN/END CERTIFICATE lines (you will paste it into the dashboard)
  • Move the created keystore to your classpath.

Return to Java installation

Use an existing certificate pair 
Anchor
install
install

When you already have a key pair to use, e.g. if you are upgrading from another type of SAML software such as Shibboleth.

First get your public and private keys ready as separate files, then in Keystore Explorer...

  • Select "Create a new KeyStore"
  • Select JKS and then click OK
  • Tools > Import key pair
  • Select the type you are importing from (usually OpenSSL)
  • Import the files, decrypting as necessary
  • Set the alias to "1" (no quotes)
  • When prompted for a new password just click OK
  • Hopefully you'll see a message saying creation successful
  • Select File -> Save
  • When prompted for password just click OK
  • Save as atacamaKeystore.jks
  • Double click on the newly created key pair
  • Click the PEM button bottom right
  • Copy the PEM including the BEGIN/END CERTIFICATE lines (you will paste it into the dashboard)
  • Move the created keystore to your classpath.

 

Return to Java installation