docs: Change examples to generate 2048 bit RSA keys.
git-svn-id: http://simplesamlphp.googlecode.com/svn/trunk@2711 44740490-163a-0410-bde0-09ae8108e29a
parent f5ee701a17
commit 92a48f7016
|
@ -11,7 +11,7 @@ This is used for SSL client authentication when contacting the IdP.
|
|||
|
||||
To generate a private key and certificate, you may use the `openssl` commandline utility:
|
||||
|
||||
openssl req -new -x509 -days 3652 -nodes -out sp.example.org.crt -keyout sp.example.org.pem
|
||||
openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out sp.example.org.crt -keyout sp.example.org.pem
|
||||
|
||||
You can then add the private key and certificate to the SP configuration.
|
||||
When this is done, you can add the metadata of your SP to the IdP, and test the authentication.
|
||||
|
|
|
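Review bot: the new `openssl req -newkey rsa:2048 ...` line pins the key size but still leaves the signature digest to the local OpenSSL default, so the resulting `sp.example.org.crt` can differ between installations. Since this change is about making the example explicit, consider adding `-sha256` to the same command.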
@ -45,7 +45,7 @@ For test purposes, you can skip this section, and use the certificate included i
|
|||
|
||||
Here is an example of openssl commands to generate a new key and a self signed certificate to use for signing SAML messages:
|
||||
|
||||
openssl genrsa -des3 -out googleappsidp.key 1024
|
||||
openssl genrsa -des3 -out googleappsidp.key 2048
|
||||
openssl rsa -in googleappsidp.key -out googleappsidp.pem
|
||||
openssl req -new -key googleappsidp.key -out googleappsidp.csr
|
||||
openssl x509 -req -days 9999 -in googleappsidp.csr -signkey googleappsidp.key -out googleappsidp.crt
|
||||
|
|
|
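Review bot: the unchanged `openssl x509 -req -days 9999 ...` line still gives the googleappsidp certificate a validity of 9999 days, while every other example touched in this commit uses `-days 3652`. With the key size now raised to 2048, consider aligning the validity here as well. Also note that the `openssl rsa -in googleappsidp.key -out googleappsidp.pem` line writes the key back out without the `-des3` passphrase, which the surrounding text does not mention.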
@ -189,7 +189,7 @@ Here is an example of an `openssl`-command which can be used to generate a new p
|
|||
|
||||
This key and certificate can be used to sign SAML messages:
|
||||
|
||||
openssl req -new -x509 -days 3652 -nodes -out example.org.crt -keyout example.org.pem
|
||||
openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out example.org.crt -keyout example.org.pem
|
||||
|
||||
The certificate above will be valid for 10 years.
|
||||
|
||||
|
|
|
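Review bot: in the changed command, `-new` is redundant next to `-newkey rsa:2048`, because `-newkey` already creates a new request together with the new key. Dropping it (`openssl req -newkey rsa:2048 -x509 -days 3652 -nodes ...`) keeps the example shorter and makes the option that sets the key size easier to spot. The same applies to the other `openssl req` examples in this commit.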
@ -51,7 +51,7 @@ Some Identity Providers / Federations may require that your Service Providers ho
|
|||
Create a self-signed certificate in the `cert/` directory.
|
||||
|
||||
cd cert
|
||||
openssl req -new -x509 -days 3652 -nodes -out saml.crt -keyout saml.pem
|
||||
openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out saml.crt -keyout saml.pem
|
||||
|
||||
|
||||
Then edit your `authsources.php` entry, and add references to your certificate:
|
||||
|
|
|
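Review bot: the command uses `-nodes`, so `saml.pem` is written to `cert/` without a passphrase, and the text moves straight on to `authsources.php` without saying how to protect the file. Consider adding a sentence after the command telling readers to make `saml.pem` readable only by the account the web server runs as.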
@ -35,7 +35,7 @@ If you enable a certificate for your Service Provider, it may be able to sign re
|
|||
Create a self-signed certificate in the `cert/` directory.
|
||||
|
||||
cd cert
|
||||
openssl req -new -x509 -days 3652 -nodes -out saml.crt -keyout saml.pem
|
||||
openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out saml.crt -keyout saml.pem
|
||||
|
||||
|
||||
Then edit your `authsources.php` entry, and add references to your certificate:
|
||||
|
|
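Review bot: missing documentation for readers who already ran the old command: without `-newkey`, the key size came from the local OpenSSL default, so existing `saml.pem` keys may be smaller than 2048 bits. Consider a short note near this command on checking an existing certificate, for example with `openssl x509 -in saml.crt -noout -text`, and regenerating it if needed.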