Creating signing and encryption certificates
You must create signing and encryption certificates to establish a trust relationship between the Identity Provider (IdP), such as AD FS or LDAP, and the BMC Atrium Single Sign-On server. Generate two certificates: one for signing (for example, test_sig sha1) and one for encryption (for example, test_enc sha1).
If you plan to exchange metadata XML files with the IdP server, you do not need to import or export the signing and encryption certificates manually, because they are exchanged as part of the SAMLv2 metadata.
To create signing and encryption certificates
- On the BMC Atrium SSO Admin Console, click Edit Server Configuration. The Server Configuration Editor is displayed.
- On the Certificates tab, select SAMLv2 KeyStore from the Certificate Store list.
- Click New. The New Certificate Key Pair dialog box is displayed.
- Enter the following parameter values:
  - Alias Name: the alias name for the generated certificate. Generally, this value is the host name for the certificate.
  - Validity Period: the number of days for which the certificate is valid. This value must be greater than 0.
  - SAN: the subject alternative names. SANs are semicolon-separated, valid, resolvable DNS host names.
- Click Generate.
- Stop and restart the BMC Atrium Single Sign-On server.
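The dialog box rejects bad values only after you click Generate, so it helps to check the three parameters in advance. The following is an added example, not BMC's code: it applies the constraints stated above (non-empty alias, validity greater than 0, semicolon-separated DNS host names) and, when given a resolver such as socket.gethostbyname, confirms that each SAN resolves. The host names and the failing resolver are constructed for illustration.

```python
import re

# RFC 1123 host-name label: 1-63 letters, digits or hyphens, not starting or ending with a hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_valid_dns_name(name: str) -> bool:
    """Syntactic check for a DNS host name (253 characters maximum, every label valid)."""
    if not name or len(name) > 253:
        return False
    return all(_LABEL.match(label) for label in name.rstrip(".").split("."))


def parse_san_field(san: str) -> list[str]:
    """Split the semicolon-separated SAN field into individual host names, dropping blanks."""
    return [item.strip() for item in san.split(";") if item.strip()]


def validate_key_pair_request(alias: str, validity_days: int, san: str, resolver=None) -> list[str]:
    """Return the problems found with the dialog parameters; an empty list means they look fine.

    resolver: optional callable taking a host name and returning its address (or raising OSError),
    e.g. socket.gethostbyname. With resolver=None only the syntax of each SAN is checked.
    """
    problems = []
    if not alias.strip():
        problems.append("Alias Name must not be empty")
    if validity_days <= 0:
        problems.append(f"Validity Period must be greater than 0 (got {validity_days})")
    hosts = parse_san_field(san)
    if not hosts:
        problems.append("SAN must list at least one DNS host name")
    for host in hosts:
        if not is_valid_dns_name(host):
            problems.append(f"SAN entry is not a valid DNS host name: {host!r}")
            continue
        if resolver is not None:
            try:
                resolved = resolver(host)
            except OSError:
                resolved = None
            if not resolved:
                problems.append(f"SAN entry does not resolve: {host!r}")
    return problems


if __name__ == "__main__":
    # Constructed input: the signing certificate from the text with two hypothetical SSO host names.
    for problem in validate_key_pair_request("test_sig", 365, "sso.example.com; idp.example.com"):
        print("problem:", problem)
```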