Pure's logos
Pure Help Center for Pure Administrators

If you are a researcher, or other non-admin at your institution, click here.

  • Home
  • Announcements
  • Release Notes
  • Training
  • Events
  • Support
  • Contact Us
  • Home
  • Knowledge base articles
  • Pure Core

How Can We Help?

Search Results

Filter By Category

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Contact us

Generating SAML Certificates and Private KeysGenerating SAML Certificates and Private Keys

What

The SSO configuration requires a certificate. If you need a certificate for SSO, either because it's new setup or because it is expired and users can't login. See How to Check if a SAML Certificate is Expired for the latter part.
The below is a guide on how to generate a certificate and private key.

SAML2 configuration page in Pure:



Administrator > Security > Admin > SAML2 (WAYF, Shibboleth)
Certificate and private key must be present for SSO (single sign on) to work. If these are not present, the user will not be able to use SSO.
A certificate is valid for 720 days, and will expire hereafter. SSO will not work with an expired certificate, so a new must be generated.

Note: This is a suggested guide, and might not be the way you do this internally. As it is not a Pure specific feature to generate the certificate, we might not be able to support you in this.

How

  • Before you start, you must open a terminal on your computer.
    • In this example with a Mac it is [CMD] + [Space],
  • Search for "Terminal" and open the app.
    • Alternatively go to Applications > Utilities > Terminal.app
  • Generate a private key with the following command:
openssl genrsa -out key.pem 2048
  • For OpenSSL v3 and up please use:
openssl genrsa 	-out key.pem -traditional 2048
  • Then create a sign request with this command:
openssl req -new -key key.pem -out request.csr
  • And finally to generate the certificate run this command:
openssl req -x509 -days 720 -key key.pem -in request.csr -out certificate.pem
  • Now you should have 3 files:
    • Key.pem
    • request.csr
    • certificate.pem
  • Open key.pem with a text editor, copy the text and paste the contents to the field called "Private key (PEM format) to use for secure communication with the IDP"

    • The text should begin with
"-----BEGIN RSA PRIVATE KEY-----"

  • Open certificate.pem with a text editor, copy the text and paste the contents to the field called "Certificate (PEM format) to use for secure communication with the IDP"
    • The text should begin with
“-----BEGIN CERTIFICATE-----”
  • Click save and the users should be able to login.

 

Updated at August 12, 2024

Download
Table of Contents
  1. What
  2. How
Related Articles
  • SAML2 (WAYF, Shibboleth, ADFS)
  • How to Check if a SAML Certificate is Expired
  • Troubleshooting SAML Authentication Errors
Keywords
  • authentication
  • saml2
  • wayf
  • shibboleth
  • adfs

Was this article helpful?

Yes
No
Give feedback about this article

    About Pure

  • Announcements

    Additional Support

  • Events
  • Client Community
  • Training

    Need Help?

  • Contact Us
  • Submit a Support Case
  • My Cases
  • Linkedin
  • Twitter
  • Facebook
  • Youtube
Elsevier logo Relx logo

Copyright © 2024 Elsevier, except certain content provided by third parties.

  • Terms & Conditions Terms & Conditions
  • Privacy policyPrivacy policy
  • AccesibilityAccesibility
  • Cookie SettingsCookie Settings

Knowledge Base Software powered by Helpjuice

Expand