No. The main difference I can see is that the CAS-generated 
idp-signing.key has a -----BEGIN RSA PRIVATE KEY----- versus it seems 
openssl generates a -----BEGIN PRIVATE KEY----- which indicates a PKCS#1 vs 
PKCS#8 format. Somehow, though, BouncyCastle is thinking it has a public key 
(not certificate) and private key inside the PKCS#1 format that CAS 
generates.

On Tuesday, December 4, 2018 at 12:16:43 PM UTC-5, rbon wrote:
>
> Curtis,
>
> Will this work: 
> https://stackoverflow.com/questions/991758/how-to-get-pem-file-from-key-and-crt-files
>
> Ray
>
> On Tue, 2018-12-04 at 08:59 -0800, Curtis Ruck wrote:
>
> Does anyone know how to generate the idp-signing.key/crt with openssl?  It 
> seems CAS is hardcoded to expect a PEMKeyPair 
> <https://github.com/apereo/cas/blob/5.3.x/core/cas-server-core-util-api/src/main/java/org/apereo/cas/util/crypto/PrivateKeyFactoryBean.java#L57>
>  object 
> coming out of PEMParser, but I can't figure out how to use OpenSSL to 
> generate an appropriate key file. 
>
> Yes, CAS generates it fine, using bouncycastle, but I have to generate 
> these keys/certificates outside of CAS so I can distribute the trust to the 
> various SAML 2.0 applications.
>
> -- 
> Ray Bon
> Programmer analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | rb...@uvic.ca
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/17472bc9-9142-44df-81dc-e32ef2472768%40apereo.org.
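
Added example, not part of the original message or of CAS: one way to produce the idp-signing.key/crt pair with OpenSSL so that the key carries the PKCS#1 `BEGIN RSA PRIVATE KEY` header the thread reports for CAS-generated keys, rather than the PKCS#8 `BEGIN PRIVATE KEY` form. The function names, the 2048-bit key size, the 3650-day validity and the CN are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). File names follow the thread; key size,
# validity period and the CN passed in are assumptions.

# Print the PEM label of the first block in a file, e.g. "RSA PRIVATE KEY".
pem_label() {
  sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1" | head -n 1
}

# Re-encode an RSA private key ($1) as traditional PKCS#1 ($2).
# OpenSSL 3.x needs -traditional; 1.x writes PKCS#1 from "openssl rsa" by
# default and rejects the flag, so fall back to the plain form.
to_pkcs1() {
  openssl rsa -in "$1" -traditional -out "$2" 2>/dev/null ||
    openssl rsa -in "$1" -out "$2" 2>/dev/null
}

# Write idp-signing.key (PKCS#1) and a self-signed idp-signing.crt into
# directory $1, with subject CN $2.
make_idp_signing_pair() {
  dir=$1; cn=$2
  tmp=$(mktemp) || return 1
  # genpkey emits PKCS#8 ("BEGIN PRIVATE KEY"); convert before CAS sees it.
  ( umask 077
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
      -out "$tmp" 2>/dev/null &&
    to_pkcs1 "$tmp" "$dir/idp-signing.key" ) || { rm -f "$tmp"; return 1; }
  rm -f "$tmp"
  openssl req -new -x509 -key "$dir/idp-signing.key" -sha256 -days 3650 \
    -subj "/CN=$cn" -out "$dir/idp-signing.crt" 2>/dev/null
}

# Succeed only when the certificate ($2) carries the public half of key ($1).
pair_matches() {
  km=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
  cm=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
  [ -n "$km" ] && [ "$km" = "$cm" ]
}

# Usage: make_idp_signing_pair ./saml idp.example.org
```

An existing PKCS#8 key can be converted on its own with `to_pkcs1 old.key idp-signing.key`; the certificate does not need to be reissued because the key material is unchanged.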
