SyferLock Help Center

Service Provider Certificates

Generate PEM Certificates

SimpleSAMLPHP requires the x509 certificates to create complete metadata. As most PHP projects, SimpleSAMLPHP required the certificate to be in PEM format. To generate the key and certificate pair, you can run the following OpenSSL command.

#> openssl req -newkey rsa:2048 -new -509 -days {Days Valid} -nodes -out saml.crt -keyout saml.key


Secure Certificate Files

Now move the generated certificate and key file to the {SimpleSAMLPHP Directory}/cert directory. If it doesn't exists, create it. Also make sure the key file is properly secured. Make sure only the web server user can read it. Admins can have read/write access on the file.

Ex. for Unix style systems

chown 640 saml.key
chgrp www-data saml.key (Ubuntu) 



Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


Powered by Zendesk