Creating a new key pair
The following topic provides information and instructions for creating a new key pair.
To create a new key pair
- On the BMC Atrium Single Sign-On Admin Console, click Edit Server Configuration. The Server Configuration Editor is displayed.
- On the Certificates tab, from the Certificate Store list, select the option for which you want to create a new key pair.
  The New option is available only for KeyStore, SAMLv2 KeyStore, and Session KeyStore.
- Click New. The New Certificate Key Pair dialog box is displayed.
- Enter values for the following parameters:
  - Alias Name—When installing BMC Atrium Single Sign-On as a standalone, the alias name must be the FQDN of the host on which the certificate is to be installed. For example, sso.internal.company.domain.com. When installing BMC Atrium Single Sign-On in an HA environment, you may enter any value in this field. For example, tomcat.
  - Validity Period—The number of days for which the certificate is valid. This value must be greater than 0.
  - SAN—SAN (Subject Alternative Names) is mandatory when the certificate has to be installed in an HA environment. Enter the FQDNs of all the nodes (for example, sso-node1.internal.company.domain.com, sso-node2.internal.company.domain.com) on which the certificate has to be installed. In addition, you must also enter the FQDN of the load balancer (sso-load-balancer.internal.company.domain.com (internal), sso.companyname.com (public)). Separate the FQDNs with semicolons.
- You are prompted to confirm whether you want to copy the same certificate to the TrustStore. Based on your confirmation, the key pair is created, and it also appears in the list of TrustStore certificates.
  When creating a new key pair, you must choose the option to copy the certificate so that it is replicated in the TrustStore. The certificate in the TrustStore helps establish a trust relationship with third-party Identity Providers when using SAMLv2 authentication. To verify whether the certificate is imported into the TrustStore, see Checking the truststore for certificates.
- Stop and restart the BMC Atrium Single Sign-On server.
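
The following is an added example, not part of the BMC product or its documentation: a pre-flight check of the values you plan to enter in the New Certificate Key Pair dialog, applying the Alias Name, Validity Period, and SAN rules listed above. The function names, the `required_hosts` parameter, and the whitespace handling are assumptions made for illustration.

```python
import re

# One DNS label: 1-63 letters, digits or hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def is_fqdn(name):
    """True if name is a syntactically valid, multi-label host name."""
    if len(name) > 253 or "." not in name:
        return False
    return all(_LABEL.fullmatch(label) for label in name.split("."))

def check_key_pair_values(alias, validity_days, san_field="", ha=False,
                          required_hosts=()):
    """Return a list of problems; an empty list means the values pass."""
    problems = []
    if validity_days <= 0:
        problems.append("Validity Period must be greater than 0")
    if not ha:
        # Standalone: the alias must be the FQDN of the host.
        if not is_fqdn(alias):
            problems.append(f"alias {alias!r} is not an FQDN")
        return problems
    # HA: SAN is mandatory and lists FQDNs separated by semicolons.
    # Assumption: whitespace around an entry is trimmed; inside it is an error.
    entries = [e.strip() for e in san_field.split(";") if e.strip()]
    if not entries:
        problems.append("SAN is mandatory in an HA environment")
    for entry in entries:
        if not is_fqdn(entry):
            problems.append(f"SAN entry {entry!r} is not a valid FQDN")
    present = {e.lower() for e in entries}
    for host in required_hosts:
        if host.lower() not in present:
            problems.append(f"SAN is missing {host}")
    return problems

if __name__ == "__main__":
    # Constructed sample input, using the host names from the examples above.
    hosts = ["sso-node1.internal.company.domain.com",
             "sso-node2.internal.company.domain.com",
             "sso-load-balancer.internal.company.domain.com",
             "sso.companyname.com"]
    typo = "sso-node1.internal.company.domain.com;sso-node2. internal.company.domain.com"
    for problem in check_key_pair_values("tomcat", 365, typo, ha=True,
                                         required_hosts=hosts):
        print(problem)
```

A SAN list that omits a node or the load balancer name typically surfaces later as a host name mismatch on that endpoint, so it is cheaper to catch before the key pair is created.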