Generate and Download a Certificate Bundle for Service Providers and Identity Providers for the IDR SSO Agent
In the Cloud Administration Console, you can generate a certificate bundle that contains the private key, public certificate, and certificate signing request (CSR) that you need when configuring an identity provider (IdP) or a service provider (SP) in an IDR SSO Agent deployment. For more information about certificates, see Cloud Access Service Certificates.
| File | Description |
|---|---|
| cert.pem | The certificate in PEM-encoded format. This file contains the public key. A certificate is loaded into an IdP to validate signed identity requests or into an SP to validate signed identity assertions. |
| certsign.req | The certificate signing request (CSR) to send to your certificate authority (CA) requesting an identity certificate that has been digitally signed with the private key of the CA. This is not commonly used. |
| private.key | The private key file is loaded into an SP to sign identity requests or into an IdP to sign identity assertions. |
| public.key | Not used. |
For IdP and SP connections, you can generally use the certificate file (cert.pem) directly from the ZIP file. However, some environments may require certificates to be signed by a trusted certificate authority. In this case, you can send the certsign.req file to a certificate authority to be signed, and then upload the signed certificate to the appropriate endpoint.
Before you begin
You must be a Super Admin to perform this task.
Procedure
- In the Cloud Administration Console, navigate to one of the following Connection profile pages:
  - In the Add or Edit Connection wizard when you add or edit a SAML application.
  - In the Add Identity Provider wizard when you add or edit an identity provider.
- Click Generate Certificate Bundle.
  Either the Generate SAML Certificate dialog box or the Generate Identity Provider Certificate dialog box appears.
- In the Common Name (CN) field, enter the hostname of the HTTPS server for the service provider sending the authentication request, or the Integrated Windows Authentication (IWA) connector server.
- Click Generate and Download.
  The certificate bundle is generated in ZIP format and contains your private key. Store this information in a secure location to protect against unauthorized access.
- Download and extract the contents of the ZIP file.
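After extracting the ZIP file, you can confirm that the files belong together and that the private key is not readable by other users before loading anything into an IdP or SP. The following shell function is an added example, not part of the RSA documentation; it assumes OpenSSL is installed and that private.key is an unencrypted PEM key, and the name check_bundle is hypothetical.

```shell
#!/bin/sh
# Added example: check that an extracted certificate bundle is consistent.
# Assumptions: openssl is on PATH and private.key is an unencrypted PEM key.

# check_bundle DIR EXPECTED_CN   (hypothetical helper name)
# Returns 0 when cert.pem, certsign.req and private.key share one public key
# and the certificate CN equals EXPECTED_CN; 1 on a mismatch; 2 when a file
# is missing or cannot be parsed.
check_bundle() {
    dir=$1
    expected_cn=$2

    for f in cert.pem certsign.req private.key; do
        [ -f "$dir/$f" ] || { echo "missing: $dir/$f" >&2; return 2; }
    done

    # The bundle contains the private key: make it owner-only first.
    chmod 600 "$dir/private.key" || return 2

    # Extract the public key (PEM SubjectPublicKeyInfo) from each file.
    # "-passin pass:" stops openssl from prompting if the key is encrypted.
    key_pub=$(openssl pkey -in "$dir/private.key" -passin pass: -pubout 2>/dev/null)
    crt_pub=$(openssl x509 -in "$dir/cert.pem" -noout -pubkey 2>/dev/null)
    csr_pub=$(openssl req -in "$dir/certsign.req" -noout -pubkey 2>/dev/null)
    if [ -z "$key_pub" ] || [ -z "$crt_pub" ] || [ -z "$csr_pub" ]; then
        echo "could not parse one of the bundle files" >&2
        return 2
    fi

    [ "$key_pub" = "$crt_pub" ] ||
        { echo "private.key does not match cert.pem" >&2; return 1; }
    [ "$key_pub" = "$csr_pub" ] ||
        { echo "private.key does not match certsign.req" >&2; return 1; }

    # Compare the subject CN with the hostname entered in the dialog box.
    cn=$(openssl x509 -in "$dir/cert.pem" -noout -subject -nameopt multiline \
            2>/dev/null | sed -n 's/^ *commonName *= //p')
    [ "$cn" = "$expected_cn" ] ||
        { echo "CN is '$cn', expected '$expected_cn'" >&2; return 1; }

    echo "bundle OK: CN=$cn"
}

# Stand-alone use: sh check_bundle.sh <extracted-dir> <expected-cn>
if [ "$#" -eq 2 ]; then
    check_bundle "$1" "$2"
fi
```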
Concept Information
Certificates and Keys for Service Providers and Identity Providers for the SSO Agent
Trusted Certificate Authorities for HFED or Trusted Headers Applications
Related Tasks
Upload Certificates for Trusted Certificate Authorities
Delete a Trusted Certificate Authority Certificate
Reference Materials
List of Trusted Certificate Authorities for HFED and Trusted Headers Applications