I am trying to generate a private/public key pair in X.509
format along with a self signed cert which I need to use for my SAML application.
Here is what I have done:
.pem format.
openssl rsa -in key.pem -pubout -out pubkey.pem
When I give these keys to my SAML application, it errors out on the public key generated in step 2 with the following message:
java.io.IOException: Short read of DER length
What is it that I am doing wrong here?
Question:
I am trying to generate a private/public key pair in X.509 format along with a self signed cert which I need to use for my SAML application.
Answer:
(1) On Ubuntu 22.04, I run the following native openssl commands to generate a private/public key pair in X.509 format for a Shibboleth SAML SP application successfully.
# 2048-bit RSA private key
openssl genrsa -out key.pem 2048
# certificate signing request for that key (prompts for the subject fields)
openssl req -new -key key.pem -out certreq.csr
# self-sign the request with the same key; -days belongs on this command,
# since "req -new" ignores it and "x509 -req" otherwise issues a 30-day certificate
openssl x509 -req -in certreq.csr -signkey key.pem -days 365 -out cert.pem
(2) I upload the generated public cert/key (i.e., cert.pem) of the Shibboleth SAML SP application to a Shibboleth SAML IdP.
(3) I log in to the Shibboleth SAML SP application successfully through the authentication provided by Shibboleth SAML IdP and OpenLDAP.
Remark:
(I) Please ensure that the IdP or SP database defines a sufficient length for the column type used to store the public cert/key or private key, e.g., varchar(2500).
(II) If you run the openssl commands in a Windows environment, please check my answer to another StackOverflow question, "Git status ignore line endings / identical files / windows & linux environment / dropbox / mled", on how to remove "premature EOF" from the end of the private key and public cert/key.
(III) The GitHub repository "How to build and run Shibboleth SAML IdP and SP using Docker container" provides instructions on how to build and run a Shibboleth SAML IdP and SAML SP testbed to test your SAML SP application.
The standalone Shibboleth SAML IdP testbed allows you to check the log to debug your certificate issue.
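The key-and-certificate procedure in steps (1) to (3) and the line-ending problem in remark (II), as an added shell example that is not part of the original answer: it generates the key and self-signed certificate in a single openssl invocation, then runs the checks worth doing before the certificate is uploaded to an IdP (the cert really belongs to the key, it is valid for the intended period, and the PEM file has no CRLF endings or missing final newline). It assumes openssl 1.1.1 or 3.x is on PATH; the directory, subject and validity periods are illustrative.

```shell
#!/bin/sh
# Added example, not code from the original answer: generate a 2048-bit RSA key and
# a self-signed X.509 certificate for a SAML SP in one openssl invocation, then run
# the checks a practitioner wants before uploading cert.pem to an IdP.
# Assumes openssl (1.1.1 or 3.x) is on PATH; directory, subject and day counts are
# illustrative and chosen by the caller.
set -eu

# gen_saml_keypair DIR DAYS SUBJECT
# Writes DIR/key.pem (unencrypted PKCS#8 RSA key) and DIR/cert.pem (self-signed).
# -x509 makes "req" emit a self-signed certificate instead of a CSR, so there is no
# separate "x509 -req -signkey" step, and -days is honoured on this command.
gen_saml_keypair() {
  dir=$1; days=$2; subj=$3
  mkdir -p "$dir"
  openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days "$days" -subj "$subj" \
    -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
}

# key_matches_cert DIR: succeeds only if the certificate's public key is the one
# derived from DIR/key.pem (catches a cert and key taken from different runs).
key_matches_cert() {
  dir=$1
  key_pub=$(openssl pkey -in "$dir/key.pem" -pubout 2>/dev/null)
  cert_pub=$(openssl x509 -in "$dir/cert.pem" -noout -pubkey 2>/dev/null)
  [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# cert_valid_for_days CERT DAYS: succeeds if CERT does not expire within DAYS days.
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# pem_is_clean FILE: the line-ending check behind remark (II). A PEM file edited or
# produced on Windows may carry CRLF line endings or lack the final newline; both
# make strict PEM parsers on the IdP/SP side report a premature end of file.
pem_is_clean() {
  f=$1
  [ $(tr -dc '\r' < "$f" | wc -c) -eq 0 ] && [ -z "$(tail -c 1 "$f")" ]
}

# to_crlf SRC DST: produce a Windows-style (CRLF) copy of SRC, used only to show
# the check above catching it.
to_crlf() {
  awk '{ printf "%s\r\n", $0 }' "$1" > "$2"
}

# Demo: build a one-year pair for a hypothetical SP and run every check.
demo_dir=$(mktemp -d)
gen_saml_keypair "$demo_dir" 365 "/CN=sp.example.org"
key_matches_cert "$demo_dir" && echo "key and cert match"
cert_valid_for_days "$demo_dir/cert.pem" 300 && echo "cert valid for at least 300 days"
pem_is_clean "$demo_dir/cert.pem" && echo "cert.pem has LF endings and a final newline"
to_crlf "$demo_dir/cert.pem" "$demo_dir/cert_crlf.pem"
pem_is_clean "$demo_dir/cert_crlf.pem" || echo "cert_crlf.pem would trip a strict PEM parser"
rm -rf "$demo_dir"
```

Upload only cert.pem to the IdP; key.pem stays on the SP host. If the SP's configuration or database expects a public key rather than a certificate, `openssl x509 -in cert.pem -noout -pubkey` extracts the PEM public key from the certificate, which is the same value `openssl pkey -pubout` derives from the private key.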