Question
I am trying to generate a private/public key pair in X.509 format along with a self signed cert which I need to use for my SAML application.
Here is what I have done:
- Generate a self signed cert and private key from here and save them in .pem format.
- Use the private key and generate a public key with the command
openssl rsa -in key.pem -pubout -out pubkey.pem
When I give these keys to my SAML application, it errors out on the public key generated in step 2 with the following message:
java.io.IOException: Short read of DER length
What is it that I am doing wrong here?
Answer 1:
Question:
I am trying to generate a private/public key pair in X.509 format along with a self signed cert which I need to use for my SAML application.
Answer:
(1) On Ubuntu 16.04, I run the following native openssl commands to generate a private/public key pair in X.509 format for a Shibboleth SAML SP application successfully.
openssl genrsa -out key.pem 2048
openssl req -new -key key.pem -out certreq.csr
openssl x509 -req -days 365 -in certreq.csr -signkey key.pem -out cert.pem
(2) I upload the generated public cert/key (i.e., cert.pem) of the Shibboleth SAML SP application to a Shibboleth SAML IdP.
(3) I log in to the Shibboleth SAML SP application successfully through the authentication provided by Shibboleth SAML IdP and OpenLDAP.
Remark:
(I) Please ensure that the IdP or SP database defines a sufficient length for the column type used to store the public cert/key or private key, e.g., varchar(2500).
(II) If you run the openssl commands under a Windows environment, please check my answer to another StackOverflow question, Git status ignore line endings / identical files / windows & linux environment / dropbox / mled, to remove the "premature EOF" from the end of the private key and public cert/key.
(III) The GitHub repository How to build and run Shibboleth SAML IdP and SP using Docker container provides instructions on how to build and run a Shibboleth SAML IdP and SAML SP testbed to test your SAML SP application.
The standalone Shibboleth SAML IdP testbed allows you to check the log to debug your certificate issue.
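The error in the question is a DER decoding failure, and the files involved carry different PEM labels: openssl rsa -pubout writes a PUBLIC KEY block (a SubjectPublicKeyInfo), while the x509 commands in the answer write a CERTIFICATE block. The checker below is added here as an example and is not code from either poster. Using only the Python standard library, it decodes every PEM block in a file, tolerates CRLF line endings and a missing final newline, reports whether each block is a SubjectPublicKeyInfo or a certificate by its outer ASN.1 shape rather than by its label, and surfaces a truncated body as a "short read" before a Java application has to. The sample inputs are constructed inside the code (filler bytes, not real keys or certificates), and all function names are the example's own.

```python
import base64
import re

# PEM envelope: label on the BEGIN/END lines, base64 body in between.
# \s* and \s+ make this tolerant of CRLF endings and a missing final newline.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def der_tlv(tag, body):
    """Encode one tag-length-value element with DER definite-length encoding."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])                        # short form: one byte
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb      # long form: count byte + big-endian length
    return bytes([tag]) + length + body


def read_tlv(buf, pos=0):
    """Decode the element at buf[pos:]; return (tag, value, end offset).
    Raises ValueError when the buffer ends before the header, the length bytes
    or the value are complete: the condition a strict DER reader calls a short read."""
    if pos + 2 > len(buf):
        raise ValueError("short read of DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        nbytes = first & 0x7F
        if nbytes == 0 or pos + nbytes > len(buf):
            raise ValueError("short read of DER length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("short read of DER value: need %d bytes, have %d" % (length, len(buf) - pos))
    return tag, buf[pos:pos + length], pos + length


def classify(der):
    """Tell a Certificate from a SubjectPublicKeyInfo by outer ASN.1 shape only.
    Certificate          ::= SEQUENCE { SEQUENCE tbs, SEQUENCE sigAlg, BIT STRING sig }
    SubjectPublicKeyInfo ::= SEQUENCE { SEQUENCE algorithm, BIT STRING publicKey }"""
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE (trailing or missing bytes)")
    t1, v1, p1 = read_tlv(body)
    if t1 != 0x30:
        return "unknown structure"
    t2, _, p2 = read_tlv(body, p1)
    if t2 == 0x03 and p2 == len(body) and read_tlv(v1)[0] == 0x06:
        return "SubjectPublicKeyInfo"           # AlgorithmIdentifier starts with an OID
    if t2 == 0x30:
        t3, _, p3 = read_tlv(body, p2)
        if t3 == 0x03 and p3 == len(body):
            return "Certificate"
    return "unknown structure"


def inspect_pem(text):
    """For every PEM block in text, report its label and decoded structure
    (or the DER error), without trusting the label alone."""
    report = []
    for m in PEM_RE.finditer(text):
        label = m.group(1)
        try:
            der = base64.b64decode(re.sub(r"\s+", "", m.group(2)), validate=True)
            report.append({"label": label, "kind": classify(der), "error": None})
        except ValueError as e:                    # binascii.Error is a ValueError
            report.append({"label": label, "kind": None, "error": str(e)})
    return report


def to_pem(label, der):
    """Wrap DER bytes in a PEM envelope with 64-column base64 lines."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, "\n".join(lines), label)


# Constructed sample data (not real keys or certificates): only the outer
# ASN.1 shape is realistic; key and signature bits are filler bytes.
RSA_ENCRYPTION_OID = bytes.fromhex("2A864886F70D010101")     # 1.2.840.113549.1.1.1
SHA256_WITH_RSA_OID = bytes.fromhex("2A864886F70D01010B")    # 1.2.840.113549.1.1.11


def build_sample_spki():
    alg = der_tlv(0x30, der_tlv(0x06, RSA_ENCRYPTION_OID) + der_tlv(0x05, b""))
    key_bits = der_tlv(0x03, b"\x00" + b"\x42" * 200)        # long-form length, as with a 2048-bit key
    return der_tlv(0x30, alg + key_bits)


def build_sample_cert_shape():
    tbs = der_tlv(0x30, der_tlv(0x02, b"\x01"))              # stand-in for TBSCertificate
    sig_alg = der_tlv(0x30, der_tlv(0x06, SHA256_WITH_RSA_OID) + der_tlv(0x05, b""))
    signature = der_tlv(0x03, b"\x00" + b"\x00" * 32)
    return der_tlv(0x30, tbs + sig_alg + signature)


if __name__ == "__main__":
    spki = build_sample_spki()
    print(inspect_pem(to_pem("PUBLIC KEY", spki)))                       # what `openssl rsa -pubout` writes
    print(inspect_pem(to_pem("CERTIFICATE", build_sample_cert_shape())))  # what `openssl x509` writes
    print(inspect_pem(to_pem("CERTIFICATE", spki[:-8])))                 # bytes cut short: a short read
```

Run it against the real files by reading them with open(path).read() and passing the text to inspect_pem; a block whose "kind" is SubjectPublicKeyInfo is a bare public key, not a certificate, and a block with an "error" is incomplete on disk before any application parses it.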
Source: https://stackoverflow.com/questions/58136994/keytool-generate-public-key-in-x-509-format-using-existing-private-key