To use an external certificate for SAML signing, you must generate a Certificate Signing Request (CSR) from the VMware Identity Manager console. The CSR is sent to a certificate authority to generate the SSL certificate.

1. In the Catalog tab, select Web Apps Settings > SAML Metadata.
2. Click Generate CSR
3. Enter the requested information. Options with an asterisk (*) are required.

   Option	Description
   Common Name*	Enter the fully qualified domain name. For example, www.example.com
   Organization*	Enter the legally registered name of the organization. For example, Mycompany, Inc.
   Department	Enter the department in your company that is added in the certificate. For example, IT Services.
   City*	Enter the city where your organization is legally located.
   State/Province*	Enter the state or region where your organization is located. Do not abbreviate.
   Country*	Enter a few letters of your country name to select the correct country from the list.
   Key Generation Algorithm*	Select the secure hash algorithm used to sign the CSR.
   Key Size*	Select the number of bits used in the key. RSA 2048 is recommended. RSA key size smaller than 2048 is considered insecure.

4. Click Generate.
   Give the CSR to the certificate authority to create the certificate.