Killer Beast

Reputation: 509

Keytool - Generate Public key in X.509 format using existing private key

I am trying to generate a private/public key pair in X.509 format along with a self signed cert which I need to use for my SAML application.

Here is what I have done:

  1. Generate Self Signed Cert and Private Key from here and save them in .pem format.
  2. Use the private key and generate a public key with the command `openssl rsa -in key.pem -pubout -out pubkey.pem`

When I give these keys to my SAML application, it errors out on the public key generated on step 2 with the following message:

java.io.IOException: Short read of DER length

What am I doing wrong here?

Upvotes: 1

Views: 4619

Answers (1)

winstonhong

Reputation: 1339

Question:

I am trying to generate a private/public key pair in X.509 format along with a self signed cert which I need to use for my SAML application.

Answer:

(1) On Ubuntu 22.04, I run the following native openssl command to generate a private/public key pair in X.509 format for a Shibboleth SAML SP application successfully.

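```bash
# 2048-bit RSA private key
openssl genrsa -out key.pem 2048
# Certificate signing request (prompts for the subject fields)
openssl req -new -key key.pem -out certreq.csr
# Self-sign the request; -days goes here because openssl req ignores it without -x509
openssl x509 -req -in certreq.csr -signkey key.pem -days 365 -out cert.pem
```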

(2) I upload the generated public cert/key (i.e., cert.pem) of the Shibboleth SAML SP application to a Shibboleth SAML IdP.

(3) I log in to the Shibboleth SAML SP application successfully through the authentication provided by Shibboleth SAML IdP and OpenLDAP.

Remark:

(I) Please ensure that the IdP or SP database defines sufficient length for Type which is used to store public cert/key or private key, e.g., varchar(2500).

(II) If you run the openssl command in a Windows environment, please check my answer to another StackOverflow question, "Git status ignore line endings / identical files / windows & linux environment / dropbox / mled", to remove "premature EOF" from the end of private key and public cert/key.

(III) "How to build and run Shibboleth SAML IdP and SP using Docker container" at the GitHub repository provides instructions on how to build and run a Shibboleth SAML IdP and SAML SP testbed to test your SAML SP application.

The standalone Shibboleth SAML IdP testbed allows you to check the log to debug your certificate issue.

Upvotes: 3
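
A pre-flight check for the files discussed in this thread, added here as an example and not code from the question or the answer: it reports whether a file holds a `CERTIFICATE` block (like cert.pem) or a bare `PUBLIC KEY` block (like the pubkey.pem written by `openssl rsa -pubout`), and flags CRLF line endings, stray data around the PEM block, and an outer DER length that cannot be read or does not match the body. The function names and the zero-filled sample inputs are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def der_total_length(der):
    """Total size the outer DER SEQUENCE header claims; ValueError if unreadable."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if der[1] < 0x80:                      # short form: length fits in one byte
        return 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("short read of DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def inspect_key_file(data):
    """Return (kind, issues) for the bytes of a key or certificate file."""
    issues = []
    m = PEM_RE.search(data)
    if m:
        kind = m.group(1).decode()
        if b"\r" in data:
            issues.append("CRLF line endings")
        if data[:m.start()].strip() or data[m.end():].strip():
            issues.append("extra data outside PEM block")
        try:
            der = base64.b64decode(b"".join(m.group(2).split()), validate=True)
        except ValueError:
            return kind, issues + ["invalid base64 body"]
    else:
        kind, der = "raw DER", data
    try:
        if der_total_length(der) != len(der):
            issues.append("DER length does not match body size")
    except ValueError as exc:
        issues.append(str(exc))
    return kind, issues

def sample_pem(label, body_len=300):
    """Constructed input: a zero-filled DER SEQUENCE in PEM armor, not a real key."""
    der = b"\x30\x82" + body_len.to_bytes(2, "big") + bytes(body_len)
    return b"-----BEGIN %s-----\n%s-----END %s-----\n" % (
        label, base64.encodebytes(der), label)

if __name__ == "__main__":
    for name, blob in [("cert.pem", sample_pem(b"CERTIFICATE")),
                       ("pubkey.pem", sample_pem(b"PUBLIC KEY")),
                       ("crlf.pem", sample_pem(b"CERTIFICATE").replace(b"\n", b"\r\n")),
                       ("cut.der", b"\x30\x82\x01")]:
        print(name, *inspect_key_file(blob))
```

To check real files, pass `open("cert.pem", "rb").read()` to `inspect_key_file`; a `PUBLIC KEY` result for a file that the SAML configuration expects to be a certificate is the mismatch to look for first.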
