To use an external certificate for SAML signing, you must generate a Certificate Signing Request (CSR) from the admin console. The CSR is sent to a certificate authority to generate the SSL certificate.
About this task
A certificate generated without the CSR from the admin console is not supported.
- In the Catalog tab, select .
- Click Generate CSR
- Enter the requested information. Options with an asterisk (*) are required.
Enter the fully qualified domain name. For example,
Enter the legally registered name of the organization. For example,
Enter the department in your company that is added in the certificate. For example,
Enter the city where your organization is legally located.
Enter the state or region where your organization is located. Do not abbreviate.
Enter a few letters of your country name to select the correct country from the list.
Key Generation Algorithm*
Select the secure hash algorithm used to sign the CSR.
Select the number of bits used in the key. RSA 2048 is recommended. RSA key size smaller than 2048 is considered insecure.
- Click Generate.
Give the CSR to the certificate authority to create the certificate.
What to do next
When you receive the certificate, upload the certificate to the VMware Identity Manager service. The CA replaces the self-signed certificate.