{"id":92291,"date":"2023-06-27T17:26:06","date_gmt":"2023-06-27T21:26:06","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&p=92291"},"modified":"2024-03-01T16:20:17","modified_gmt":"2024-03-01T21:20:17","slug":"generate-public-certificates-and-private-keys","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/generate-public-certificates-and-private-keys","title":{"rendered":"Generate Custom Certificate and Private Key Pairs"},"content":{"rendered":"\n

A public certificate and private key pair is required to connect applications with JumpCloud. The pair is used during SAML handshakes to authenticate users during an SSO login. Learn more in Managing Public Certificates and Private Key Pairs<\/a>. <\/p>\n\n\n\n

If you do not want to use the pair generated during connector activation, you can generate your own certificate and private key pair. The commands below create a certificate that expires in 1095 days. A new pair should be generated prior to expiration to prevent loss of access to the Service Provider application.<\/p>\n\n\n\n

Note:<\/strong> \n

By default, JumpCloud SSO SAML connectors support SHA-256 certificates.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n

Generating a Public Certificate\/Private Key Pair using OpenSSL<\/strong><\/h2>\n\n\n\n

Important:<\/strong> \n

These commands only work in Linux\u00ae and Mac\u00ae terminals. If you are using Windows, see Generating a TLS\/SSL Certificate using a Windows\u00ae-based OpenSSL Binary<\/a>.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n

openssl genrsa -out private.pem 2048
openssl req -new -x509 -sha256 -key private.pem -out cert.pem -days 1095<\/kbd><\/p>\n\n\n\n

An example of the expected output:<\/strong><\/p>\n\n\n\n

openssl genrsa -out private.pem 2048<\/kbd><\/p>\n\n\n\n

Generating RSA private key, 2048 bit long modulus
..................+++
.+++<\/kbd>
e is 65537 (0x10001)<\/kbd><\/p>\n\n\n\n

# openssl req -new -x509 -sha256 -key private.pem -out cert.pem -days 1095<\/kbd><\/p>\n\n\n\n

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,<\/kbd><\/p>\n\n\n\n

If you enter '.', the field will be left blank.<\/kbd><\/p>\n\n\n\n

-----<\/p>\n\n\n\n

Country Name (2 letter code) [US]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:<\/kbd><\/p>\n\n\n\n

Generating a TLS\/SSL Certificate using a Windows\u00ae-based OpenSSL Binary<\/strong><\/h2>\n\n\n\n

To download the OpenSSL application<\/strong><\/h3>\n\n\n\n
    \n
  1. Download the appropriate OpenSSL zip file<\/a>. <\/li>\n<\/ol>\n\n\n\n

    Note:<\/strong> \n

    See Binaries <\/a>for more information.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n

      \n
    1. Extract the OpenSSL zip file to a convenient folder.<\/li>\n\n\n\n
    2. Download the openssl.cnf template<\/a> and move it to the same convenient folder as the extracted zip file.<\/li>\n<\/ol>\n\n\n\n

      To generate a Public Certificate\/Private Key pair<\/strong><\/h3>\n\n\n\n
        \n
      1. Right-click the OpenSSL application (openssl.exe) in the convenient folder created in the previous section, and select Run as administrator<\/strong>. <\/li>\n<\/ol>\n\n\n\n

        Note:<\/strong> \n

        Windows Defender may ask you to confirm that you would like to run this application. If this happens, click More Info<\/strong> and Run Anyway<\/strong>.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n

          \n
        1. When the Windows command window with the OpenSSL><\/kbd> command prompt appears, run the following:<\/li>\n<\/ol>\n\n\n\n

          genrsa -out private.pem 2048<\/kbd><\/p>\n\n\n\n

          req -new -x509 -key private.pem -out cert.pem -days 1095 -config .\\openssl.cnf<\/kbd><\/p>\n\n\n\n

          Tip:<\/strong> \n

          Ensure that the name and location of the certificate file are correct in the command.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n

            \n
          1. A form similar to the following text appears near the end of the process. Fill it out to finish generating your TLS\/SSL certificate:
            <\/li>\n<\/ol>\n\n\n\n

            You are about to be asked to enter information that will be incorporated
            into your certificate request.
            What you are about to enter is what is called a Distinguished Name or a DN.
            There are quite a few fields but you can leave some blank
            For some fields there will be a default value,<\/kbd><\/p>\n\n\n\n

            If you enter '.', the field will be left blank.<\/kbd><\/p>\n\n\n\n

            -----<\/p>\n\n\n\n

            Organization Name (company) [My Company]:
            Organizational Unit Name (department, division) []:
            Email Address []:
            Locality Name (city, district) [My Town]:
            State or Province Name (full name) [State or Providence]:
            Country Name (2 letter code) [US]:
            Common Name (hostname, IP, or your name) []:<\/kbd><\/p>\n\n\n\n

            Determining the SHA-256 Fingerprint<\/strong><\/h2>\n\n\n\n

            Sometimes an application requires the SHA-256 fingerprint (thumbprint) in lieu of the certificate for its configuration. A fingerprint is a digest of the certificate in its binary (DER-encoded) X.509 form. To extract the fingerprint from your certificate, run the following command:<\/p>\n\n\n\n

            openssl x509 -sha256 -in cert.pem -noout -fingerprint<\/kbd><\/p>\n\n\n\n

            Tip:<\/strong> \n

            If using Windows, you must run the OpenSSL app as an administrator and execute this command from the OpenSSL><\/kbd> command prompt:<\/p>\n\n\n\n

            x509 -sha256 -in cert.pem -noout -fingerprint<\/kbd><\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n

            Determining the SHA-1 Fingerprint<\/strong><\/h2>\n\n\n\n

            By default, JumpCloud creates SHA-256 certificates. If you need to extract a SHA-1 thumbprint for a prebuilt application connector, you can use this online tool<\/a> to do so. Copy and paste the entire content of the certificate, including the beginning and end tags, ensure the Algorithm<\/strong> is set to SHA-1<\/strong>, and then click Calculate Fingerprint<\/strong>. <\/p>\n","protected":false},"excerpt":{"rendered":"

            A public certificate and private key pair are required to successfully connect applications with JumpCloud. This certificate and key pair […]<\/p>\n","protected":false},"author":205,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[2855,2902,2994],"support_tag":[],"coauthors":[2839],"acf":[],"yoast_head":"\nGenerate Custom Certificate and Private Key Pairs - JumpCloud<\/title>\n<meta name=\"description\" content=\"Learn how to generate a public certificate\/private key pair using OpenSSL or a TLS\/SSL certificate using a Windows-based OpenSSL binary.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/support\/generate-public-certificates-and-private-keys\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Generate Custom Certificate and Private Key Pairs\" \/>\n<meta property=\"og:description\" content=\"Learn how to generate a public certificate\/private key pair using OpenSSL or a TLS\/SSL certificate using a Windows-based OpenSSL binary.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/support\/generate-public-certificates-and-private-keys\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2024-03-01T21:20:17+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/07\/202405-MISC-JumpCloudHelpCenter-SiteDisplay-min-2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"890\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" 
content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"joyjaswinski\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/support\/generate-public-certificates-and-private-keys\",\"url\":\"https:\/\/jumpcloud.com\/support\/generate-public-certificates-and-private-keys\",\"name\":\"Generate Custom Certificate and Private Key Pairs - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"datePublished\":\"2023-06-27T21:26:06+00:00\",\"dateModified\":\"2024-03-01T21:20:17+00:00\",\"description\":\"Learn how to generate a public certificate\/private key pair using OpenSSL or a TLS\/SSL certificate using a Windows-based OpenSSL binary.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/generate-public-certificates-and-private-keys#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/support\/generate-public-certificates-and-private-keys\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/support\/generate-public-certificates-and-private-keys#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Support\",\"item\":\"https:\/\/jumpcloud.com\/support\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Generate Custom Certificate and Private Key Pairs\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, 
Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Generate Custom Certificate and Private Key Pairs - JumpCloud","description":"Learn how to generate a public certificate\/private key pair using OpenSSL or a TLS\/SSL certificate using a Windows-based OpenSSL binary.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/support\/generate-public-certificates-and-private-keys","og_locale":"en_US","og_type":"article","og_title":"Generate Custom Certificate and Private Key Pairs","og_description":"Learn how to generate a public certificate\/private key pair using OpenSSL or a TLS\/SSL certificate using a Windows-based OpenSSL 
binary.","og_url":"https:\/\/jumpcloud.com\/support\/generate-public-certificates-and-private-keys","og_site_name":"JumpCloud","article_modified_time":"2024-03-01T21:20:17+00:00","og_image":[{"width":890,"height":525,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/07\/202405-MISC-JumpCloudHelpCenter-SiteDisplay-min-2.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"4 minutes","Written by":"joyjaswinski"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/support\/generate-public-certificates-and-private-keys","url":"https:\/\/jumpcloud.com\/support\/generate-public-certificates-and-private-keys","name":"Generate Custom Certificate and Private Key Pairs - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"datePublished":"2023-06-27T21:26:06+00:00","dateModified":"2024-03-01T21:20:17+00:00","description":"Learn how to generate a public certificate\/private key pair using OpenSSL or a TLS\/SSL certificate using a Windows-based OpenSSL binary.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/support\/generate-public-certificates-and-private-keys#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/support\/generate-public-certificates-and-private-keys"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/support\/generate-public-certificates-and-private-keys#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Support","item":"https:\/\/jumpcloud.com\/support"},{"@type":"ListItem","position":3,"name":"Generate Custom Certificate and Private Key Pairs"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management 
(Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/92291"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/support"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/205"}],"version-history":[{"count":2,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/92291\/revisions"}],"predecessor-version":[{"id":106803,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/92291\/revisions\/106803"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=92291"}],"wp:term":[{"taxonomy":"support_category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_category?post=92291"},{"taxonomy":"support_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_tag?post=92291"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=92291"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}