To use an external certificate for SAML signing, you must generate a Certificate Signing Request (CSR) from the admin console. The CSR is sent to a certificate authority to generate the SSL certificate.

About this task

Note: A certificate generated without the CSR from the admin console is not supported.

Procedure

  1. In the Catalog tab, select Settings > SAML Metadata.
  2. Click Generate CSR.
  3. Enter the requested information. Options with an asterisk (*) are required.

    | Option | Description |
    |---|---|
    | Common Name* | Enter the fully qualified domain name. For example, www.example.com |
    | Organization* | Enter the legally registered name of the organization. For example, Mycompany, Inc. |
    | Department | Enter the department in your company that is added in the certificate. For example, IT Services. |
    | City* | Enter the city where your organization is legally located. |
    | State/Province* | Enter the state or region where your organization is located. Do not abbreviate. |
    | Country* | Enter a few letters of your country name to select the correct country from the list. |
    | Key Generation Algorithm* | Select the secure hash algorithm used to sign the CSR. |
    | Key Size* | Select the number of bits used in the key. RSA 2048 is recommended. RSA key size smaller than 2048 is considered insecure. |

  4. Click Generate.

    Give the CSR to the certificate authority to create the certificate.

What to do next

When you receive the certificate, upload it to the VMware Identity Manager service. The CA-signed certificate replaces the self-signed certificate.
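
A check to run on the CSR before it goes to the certificate authority, and on the returned certificate before upload, as an added example that is not part of the VMware documentation. It assumes the openssl command-line tool is installed and that the CSR and the issued certificate are saved as PEM files; the file names in the usage line are placeholders.

```shell
#!/bin/sh
# Added example (not VMware code). Inputs are PEM files; RSA keys assumed.
MIN_BITS=2048   # minimum RSA key size the page recommends

# Print the public-key size in bits found in a PEM CSR.
csr_key_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Succeed only if the CSR's self-signature verifies and the key is big enough.
# The output text is matched because some openssl versions exit 0 on failure.
csr_check() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || {
        echo "CSR self-signature does not verify: $1" >&2; return 1; }
    bits=$(csr_key_bits "$1")
    { [ -n "$bits" ] && [ "$bits" -ge "$MIN_BITS" ]; } || {
        echo "key size ${bits:-unknown} is below $MIN_BITS bits" >&2; return 1; }
    openssl req -in "$1" -noout -subject   # review the fields before sending
}

# SHA-256 of the public key in a CSR (kind "req") or certificate (kind "x509").
pubkey_digest() {
    pem=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only if the CA-issued certificate carries the CSR's public key.
cert_matches_csr() {
    a=$(pubkey_digest x509 "$1") || return 1
    b=$(pubkey_digest req "$2") || return 1
    [ "$a" = "$b" ]
}

# Usage: csr_check request.csr && cert_matches_csr issued.crt request.csr
```

Because the private key stays in the service that generated the CSR, the match is made on the public key alone; a certificate issued for a different CSR fails `cert_matches_csr`.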