Generating Keys and Certificates for Google Apps Single Sign-On Service from

Google Apps offers the Single Sign-On (SSO) service to customers with Premier, Education, and Partners editions. The Google Apps Single Sign-On service accepts public keys and certificates generated with either the RSA or DSA algorithm. To use the service, you need to generate the set of public and private keys and an X.509 certificate that contains the public key. Once you have a public key or certificate, you would then need to register it with Google. You can do this by simply uploading the key or certificate via your Google Apps Control Panel.
The way you generate keys and certificates often depends on your development platform and programming language preference. In this article, I will show you several different ways to generate the keys and certificate needed by the Google Apps SSO service.

Using OpenSSL

Although there are many methods for creating public and private key pairs, the open-source OpenSSL tool is one of the most popular. It has been ported to all major platforms and provides a simple command-line interface for key generation.

Creating RSA Private Key

RSA private key generation with OpenSSL involves just one step:
openssl genrsa -out rsaprivkey.pem 1024
This command generates a PEM-encoded private key and stores it in the file rsaprivkey.pem. This example creates a 1024-bit key, which should work for nearly any purpose. The resulting private key should be kept secret and is used to sign and decrypt data.
To use the key with the Java SSO sample code, however, you need to take the following additional steps:
1. openssl rsa -in rsaprivkey.pem -pubout -outform DER -out rsapubkey.der
2. openssl pkcs8 -topk8 -inform PEM -outform DER -in rsaprivkey.pem -out rsaprivkey.der -nocrypt
Step 1 extracts the public key from rsaprivkey.pem and writes it in DER format. Step 2 converts the private key to PKCS#8 in DER format; the -nocrypt option writes it without passphrase encryption. Once generated, you can use these keys (rsapubkey.der and rsaprivkey.der) in the Java SSO sample.
Note that the Java SSO sample code by default expects a DSA key pair, so with RSA keys, you would need to modify the sample code to accept RSA.
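
The RSA steps above can be wrapped in a script that keeps the unencrypted private key files owner-only and confirms that rsapubkey.der really belongs to rsaprivkey.der before the public key is uploaded. This is an added example, not part of the original article or of Google's sample code; the function names make_sso_rsa_keys and check_sso_rsa_keys and the optional key-size argument are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the article. Function names are hypothetical.

# Run the article's three RSA commands inside a private directory.
# $1 = output directory, $2 = key size in bits (default: the article's 1024;
# NIST SP 800-131A sets 2048 bits as the minimum for new RSA signatures).
make_sso_rsa_keys() {
    dir=$1
    bits=${2:-1024}
    (
        umask 077    # new files and directories are owner-only
        mkdir -p "$dir" && cd "$dir" || exit 1
        openssl genrsa -out rsaprivkey.pem "$bits" 2>/dev/null || exit 1
        openssl rsa -in rsaprivkey.pem -pubout -outform DER \
            -out rsapubkey.der 2>/dev/null || exit 1
        openssl pkcs8 -topk8 -inform PEM -outform DER \
            -in rsaprivkey.pem -out rsaprivkey.der -nocrypt || exit 1
    )
}

# Succeed only if rsapubkey.der is the public half of rsaprivkey.der.
# The public key is re-derived from the PKCS#8 file and both encodings
# are hashed, so a stale or swapped public key is caught before upload.
check_sso_rsa_keys() {
    dir=$1
    [ -s "$dir/rsaprivkey.der" ] && [ -s "$dir/rsapubkey.der" ] || return 1
    derived=$(openssl pkey -inform DER -in "$dir/rsaprivkey.der" \
        -pubout -outform DER 2>/dev/null | openssl dgst -sha256)
    uploaded=$(openssl dgst -sha256 < "$dir/rsapubkey.der")
    [ "$derived" = "$uploaded" ]
}

# Usage: make_sso_rsa_keys ./sso-keys && check_sso_rsa_keys ./sso-keys
```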

Creating DSA Private Key

DSA key generation involves two steps:
1. openssl dsaparam -out dsaparam.pem 1024
2. openssl gendsa -out dsaprivkey.pem dsaparam.pem
