No. The main difference I can see is that the CAS generated idp-signing.key has a -----BEGIN RSA PRIVATE KEY----- versus it seems openssl generates a -----BEGIN PRIVATE KEY----- which indicates a PKCS#1 vs PKCS#8 format. somehow though bouncycastle is thinking it has a public key (not certificate) and private key inside the PKCS#1 format that CAS generates.
On Tuesday, December 4, 2018 at 12:16:43 PM UTC-5, rbon wrote: > > Curtis, > > Will this work: > https://stackoverflow.com/questions/991758/how-to-get-pem-file-from-key-and-crt-files > > Ray > > On Tue, 2018-12-04 at 08:59 -0800, Curtis Ruck wrote: > > Does anyone know how to generate the idp-signing.key/crt with openssl? It > seems CAS is hardcoded to expect a PEMKeyPair > <https://github.com/apereo/cas/blob/5.3.x/core/cas-server-core-util-api/src/main/java/org/apereo/cas/util/crypto/PrivateKeyFactoryBean.java#L57> > object > coming out of PEMParser, but I can't figure out how to use OpenSSL to > generate an appropriate key file. > > Yes, CAS generates it fine, using bouncycastle, but I have to generate > these keys/certificates outside of CAS so I can distribute the trust to the > various SAML 2.0 applications. > > -- > Ray Bon > Programmer analyst > Development Services, University Systems > 2507218831 | CLE 019 | [email protected] <javascript:> > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/17472bc9-9142-44df-81dc-e32ef2472768%40apereo.org.
