Generating a signing certificate

Luscii requires the public part of your certificate in PEM format to verify the signature of your SAML document. We do not require the certificate to be signed by a certificate authority or to have a chain of trust.

There are multiple ways to acquire such a certificate. Below you will find instructions on how to generate a self-signed certificate in a Unix environment with OpenSSL.

# Generate a private key and a certificate signing request
# Replace {organization_name} with the name of your organization
# Note: -nodes writes luscii.key without passphrase protection
openssl req -out luscii.csr -new -newkey rsa:2048 -nodes -keyout luscii.key -subj "/CN={organization_name}"

# Self-sign the certificate signing request with the private key to produce the certificate
openssl x509 -signkey luscii.key -in luscii.csr -req -days 400 -out luscii.crt

These two commands will generate 3 files:

  • luscii.crt (certificate, contains the public key)
  • luscii.csr (certificate signing request)
  • luscii.key (private key)

The luscii.key file must be used to sign your SAML document. Luscii requires the luscii.crt file to verify the signatures.
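
Before sending luscii.crt, it is worth confirming that it belongs to luscii.key, that it is not close to expiry, and that the file contains no private key material. The script below is an added example, not code from Luscii; the function names and the 30-day expiry threshold are assumptions, and only the file names come from the commands above.

```sh
#!/bin/sh
# Added example (not Luscii's code): checks on the files created by the two
# openssl commands above. Function names are hypothetical.

# 0 if the certificate's public key is the one belonging to the private key.
cert_matches_key() {   # usage: cert_matches_key luscii.crt luscii.key
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# 0 if the certificate is still valid N days from now (-days 400 was used above).
cert_valid_for_days() {   # usage: cert_valid_for_days luscii.crt 30
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# 0 if the file is safe to hand over: a certificate with no private key inside.
is_public_only() {   # usage: is_public_only luscii.crt
    grep -q 'BEGIN CERTIFICATE' "$1" && ! grep -q 'PRIVATE KEY' "$1"
}

check_signing_pair() {   # usage: check_signing_pair luscii.crt luscii.key
    rc=0
    cert_matches_key "$1" "$2" || { echo "FAIL: $1 does not match $2"; rc=1; }
    # 30 days is an assumed threshold, not a Luscii requirement
    cert_valid_for_days "$1" 30 || { echo "FAIL: $1 expires within 30 days"; rc=1; }
    is_public_only "$1" || { echo "FAIL: $1 is not a certificate-only PEM file"; rc=1; }
    chmod 600 "$2"   # the private key stays readable by its owner only
    [ "$rc" -eq 0 ] && echo "OK: send $1 to Luscii, keep $2 private"
    return "$rc"
}

# Run the checks when the files from the commands above are in this directory.
if [ -f luscii.crt ] && [ -f luscii.key ]; then
    check_signing_pair luscii.crt luscii.key
fi
```

Because the certificate is issued with -days 400, the same expiry check can be run periodically so that a replacement certificate is generated and handed over before SAML signature verification starts failing.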