Formatting and info on certificates in SP quickstart

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1850 44740490-163a-0410-bde0-09ae8108e29a

Formatting and info on certificates in SP quickstart
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1850 44740490-163a-0410-bde0-09ae8108e29a
492c0840 · Andreas Åkre Solberg · 255332ce · 492c0840 · 492c0840
Commit 492c0840 authored 15 years ago by Andreas Åkre Solberg
--- a/docs/simplesamlphp-idp.txt
+++ b/docs/simplesamlphp-idp.txt
@@ -156,11 +156,10 @@ For more information about available options in the sp-remote metadata files, se
 Creating a SSL self signed certificate
 --------------------------------------

-For test purposes, you can skip this section, and use the certificate
-included in the simpleSAMLphp distribution.
+For test purposes, you can skip this section, and use the certificate included in the simpleSAMLphp distribution.
+
+Here is an example of an `openssl`-command which can be used to generate a new private key key and the corresponding self-signed certificate.

-Here is an example of an `openssl`-command which can be used to generate
-a new private key key and the corresponding self-signed certificate.
 This key and certificate can be used to sign SAML messages:

    openssl req -new -x509 -days 3652 -nodes -out example.org.crt -keyout example.org.pem
@@ -170,8 +169,7 @@ The certificate above will be valid for 10 years.

 ### Note ###

-simpleSAMLphp will only work with RSA certificates. DSA certificates
-are not supported.
+simpleSAMLphp will only work with RSA certificates. DSA certificates are not supported.


 ### Warning ###

--- a/docs/simplesamlphp-sp.txt
+++ b/docs/simplesamlphp-sp.txt
@@ -43,6 +43,24 @@ If you want mulitple Service Providers in the same site and installation, you ca
 		'entityID' => 'https://sp2.example.org/,
 	),

+### Enablig a certificate for your Service Provider
+
+Some Identity Providers / Federations may require that your Service Providers holds a certificate. If you enable a certificate for your Service Provider, it may be able to sign requests and response sent to the Identity Provider, as well as receiving encrypted responses.
+
+Create a self-signed certificate in the `cert/` directory.
+
+	cd cert
+	openssl req -new -x509 -days 3652 -nodes -out saml.crt -keyout saml.pem
+
+
+Then edit your `authsources.php` entry, and add references to your certificate:
+
+	'default-sp' => array(
+	    'saml:SP',
+	    'privatekey' => 'saml.pem',
+	    'certificate' => 'saml.crt',
+	),
+

 Adding IdPs to the SP
 ---------------------