From 492c08409e47506fa279b34f2b71a4bd0bbbac1e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Tue, 13 Oct 2009 08:04:55 +0000
Subject: [PATCH] Formatting and info on certificates in SP quickstart

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1850 44740490-163a-0410-bde0-09ae8108e29a
---
 docs/simplesamlphp-idp.txt | 10 ++++------
 docs/simplesamlphp-sp.txt  | 18 ++++++++++++++++++
 2 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/docs/simplesamlphp-idp.txt b/docs/simplesamlphp-idp.txt
index 63e1754eb..a370a80c5 100644
--- a/docs/simplesamlphp-idp.txt
+++ b/docs/simplesamlphp-idp.txt
@@ -156,11 +156,10 @@ For more information about available options in the sp-remote metadata files, se
 Creating a SSL self signed certificate
 --------------------------------------
 
-For test purposes, you can skip this section, and use the certificate
-included in the simpleSAMLphp distribution.
+For test purposes, you can skip this section, and use the certificate included in the simpleSAMLphp distribution.
+
+Here is an example of an `openssl`-command which can be used to generate a new private key key and the corresponding self-signed certificate.
 
-Here is an example of an `openssl`-command which can be used to generate
-a new private key key and the corresponding self-signed certificate.
 This key and certificate can be used to sign SAML messages:
 
     openssl req -new -x509 -days 3652 -nodes -out example.org.crt -keyout example.org.pem
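Review bot: The added line "Here is an example of an `openssl`-command ..." carries over the doubled word in "private key key" from the lines it replaces; since the sentence is being rewritten anyway, drop the duplicate. The reflow also leaves "This key and certificate can be used to sign SAML messages:" as a separate paragraph, split from the sentence it continues by the blank context line, so consider joining the two.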
@@ -170,8 +169,7 @@ The certificate above will be valid for 10 years.
 
 ### Note ###
 
-simpleSAMLphp will only work with RSA certificates. DSA certificates
-are not supported.
+simpleSAMLphp will only work with RSA certificates. DSA certificates are not supported.
 
 
 ### Warning ###
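Review bot: The reflowed note "simpleSAMLphp will only work with RSA certificates" is still not connected to the `openssl req` example earlier in the same section, which passes no key-type option and so relies on the local OpenSSL default. Making the example explicit, for instance with `-newkey rsa:2048`, would ensure that a reader who copies the documented command always ends up with a supported key.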
diff --git a/docs/simplesamlphp-sp.txt b/docs/simplesamlphp-sp.txt
index d1c7d4f1b..215ab1dbe 100644
--- a/docs/simplesamlphp-sp.txt
+++ b/docs/simplesamlphp-sp.txt
@@ -43,6 +43,24 @@ If you want mulitple Service Providers in the same site and installation, you ca
 		'entityID' => 'https://sp2.example.org/,
 	),
 
+### Enablig a certificate for your Service Provider
+
+Some Identity Providers / Federations may require that your Service Providers holds a certificate. If you enable a certificate for your Service Provider, it may be able to sign requests and response sent to the Identity Provider, as well as receiving encrypted responses.
+
+Create a self-signed certificate in the `cert/` directory.
+
+	cd cert
+	openssl req -new -x509 -days 3652 -nodes -out saml.crt -keyout saml.pem
+
+
+Then edit your `authsources.php` entry, and add references to your certificate:
+
+	'default-sp' => array(
+	    'saml:SP',
+	    'privatekey' => 'saml.pem',
+	    'certificate' => 'saml.crt',
+	),
+
 
 Adding IdPs to the SP
 ---------------------
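Review bot: The new section's `openssl req ... -nodes ... -keyout saml.pem` step writes an unencrypted private key into `cert/`, and the added text says nothing about protecting that file; add a sentence telling the reader to restrict read access on `saml.pem` to the web server user and to keep it out of any web-served path. The added prose also needs a proofread: "Enablig" in the heading, "your Service Providers holds", and "requests and response sent" should be "Enabling", "your Service Provider holds" and "requests and responses sent". The heading is written as `### ...` without the closing `###` that "### Note ###" uses in simplesamlphp-idp.txt, so pick one style. Separately, the context line `'entityID' => 'https://sp2.example.org/,` just above the addition is missing its closing quote and would be worth fixing in the same pass.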
-- 
GitLab