Create a service provider key store for SAML

  • 릴리스 버전: Australia
  • 업데이트 날짜 2026년 03월 12일
  • 소요 시간: 2분

    • Create a Java key store containing the following items for your instance to sign logout requests.

    시작하기 전에

    Role required: sso_config_admin, business_rule_admin, script_include_admin

    이 태스크 정보

    • Signed server certificate for the instance
    • Signed CA certificate
    • Public and private key pair

    You may create your own signed certificate with a private certificate authority or purchase one from a public certificate authority.

    The following steps illustrate how to generate a new Java Keytool keystore file, create a certificate signing request (CSR), and import certificates. Any root or intermediate certificates need to be imported before importing the primary certificate for your domain. Type these commands in a command line interface.
    주:
    These instructions are not specific to the platform and require technical knowledge of security certificates to complete. Technical Support cannot assist in creating the certificates.

    프로시저

    1. Generate a Java keystore and key pair. 
      keytool -genkey -alias mydomain -keyalg RSA -keystore my.keystore
    2. Generate a CSR for an existing Java keystore. 
      keytool -certreq -alias mydomain -keystore my.keystore -file mydomain.csr
    3. Import a root or intermediate certificate authority CA certificate to an existing Java keystore. 
      keytool -import -trustcacerts -alias root -file Thawte.crt -keystore my.keystore
    4. Import a signed primary certificate to an existing Java keystore. 
      keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore my.keystore