API Docs & Tools Blog Help
Federated Applications: Generating your x.509 certificate in Java, OpenSSL or .Net - Intuit Developer Community Blog

July 23, 2009 | Jarred Keneally

Federated Applications: Generating your x.509 certificate in Java, OpenSSL or .Net

Are you ready to create a Federated Application on the Intuit Partner Platform? Need help generating your x.509 certificate for testing? Coding in Java or .Net? Here's how…

You need to provide Intuit with your public key if you wish to Federate your application, here are the instructions for generating those x.509 certificates. Keep in mind these tools generate your certificate for testing only!

Microsoft .Net Instructions:

exe: MakeCert.exe

Location: C:Program FilesMicrosoft Visual Studio 9.0Common7Tools

Step 1: Create the .cer and .pvk, you will be prompted to create a password.

MakeCert -r -pe -ss IPPSampleStoreName -n "CN=IPPSample" IPPSample.cer -sky exchange -sv IPPSample.pvk

Step 2: Combine both files into the pfx file which is easily used by the .Net framework. Password is intuit for this example.

pvk2pfx -pvk IPPSample.pvk -pi intuit -spc IPPSample.cer -pfx IPPSample.pfx -f

Step 3: Submit a support incident with your inbound SAML gateway and the .cer file you just created.

Java KeyTool Instructions:

exe: KeyTool.exe

location: C:Program FilesJavajdk1.6.0_14jrebin

C:>keytool -genkey -alias ippsample-validity 1095 -keyalg RSA -keystore keystore.jks

Enter keystore password:  intuit

C:Program FilesJavajdk1.6.0_14bin>keytool -genkey -alias ippsample -validity

1095 -keyalg RSA -keystore keystore.jks

Enter keystore password:

Re-enter new password:

What is your first and last name?

  [Unknown]:  Intuit Partner Platform

What is the name of your organizational unit?

  [Unknown]:  PaaSG

What is the name of your organization?

  [Unknown]:  Intuit Inc

What is the name of your City or Locality?

  [Unknown]:  Waltham

What is the name of your State or Province?

  [Unknown]:  MA

What is the two-letter country code for this unit?

  [Unknown]:  US

Is CN=Intuit Partner Platform, OU=PaaSG, O=Intuit Inc, L=Waltham, ST=MA, C=US co

rrect?

  [no]:  yes

Enter key password for <ippsample>

        (RETURN if same as keystore password):

Re-enter new password:

C:>keytool -list -v -keystore keystore.jks

Enter keystore password:  intuit

Alias name: ippsample

Creation date: Jul 20, 2009

Entry type: PrivateKeyEntry

Certificate chain length: 1

Certificate[1]:

Owner: CN=Intuit Partner Platform, OU=PaaSG, O=Intuit Inc, L=Waltham, ST=MA, C=U

S

Issuer: CN=Intuit Partner Platform, OU=PaaSG, O=Intuit Inc, L=Waltham, ST=MA, C=

US

Serial number: 4a64c596

Valid from: Mon Jul 20 15:29:26 EDT 2009 until: Thu Jul 19 15:29:26 EDT 2012

Certificate fingerprints:

         MD5:  AF:90:1D:41:1A:33:9D:70:CF:EE:B3:6F:C3:30:B9:65

         SHA1: 2B:D4:E7:CA:A2:A6:9F:77:AE:A3:5D:55:E3:DA:C3:AE:35:A1:87:BB

         Signature algorithm name: SHA1withRSA

         Version: 3

*******************************************

*******************************************

*******************************************

*******************************************

C:>keytool -list -rfc -keystore keystore.jks

Enter keystore password:  intuit

Keystore type: JKS

Keystore provider: SUN

Your keystore contains 1 entry

Alias name: ippsample

Creation date: Jul 20, 2009

Entry type: PrivateKeyEntry

Certificate chain length: 1

Certificate[1]:

—–BEGIN CERTIFICATE—–

MIICXTCCAcagAwIBAgIESmTFljANBgkqhkiG9w0BAQUFADBzMQswCQYDVQQGEwJVUzELMAkGA1UE

CBMCTUExEDAOBgNVBAcTB1dhbHRoYW0xEzARBgNVBAoTCkludHVpdCBJbmMxDjAMBgNVBAsTBVBh

YVNHMSAwHgYDVQQDExdJbnR1aXQgUGFydG5lciBQbGF0Zm9ybTAeFw0wOTA3MjAxOTI5MjZaFw0x

MjA3MTkxOTI5MjZaMHMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJNQTEQMA4GA1UEBxMHV2FsdGhh

bTETMBEGA1UEChMKSW50dWl0IEluYzEOMAwGA1UECxMFUGFhU0cxIDAeBgNVBAMTF0ludHVpdCBQ

YXJ0bmVyIFBsYXRmb3JtMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCei1lo3plI7r9gQqOe

TiqcZ0sWmlhGovtr4jNIs6Nib9lAdzOAWEzOqPMu2uNjOomo5bgOtHNpGk3FRqCp38KIy1V9osNu

2rV2qT3Fa8W6A1BB5myHKclOwMss/w/gFc5y/lwx2NaqVc6WiChF7hhgCAHxmAHwjASsWhzUxqQd

zwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAGlsQBfhGS2zliVMybDzT9oLEjnZF/h+ZjLevkUArhT9

DTPztd4uj6RC58/TYHQp9O67zu/JOYewRmsoo902nQJDOkRdGC6SDIUqSw6CNhN0MJufzSQQxfWd

iRgCVeAzt3sNrh+nY49Zcuz001Xpss+6xTN9uuCSpsVIDohprlyR

—–END CERTIFICATE—–

*******************************************

*******************************************

C:Program FilesJavajdk1.6.0_14bin>keytool -export -rfc -alias ippsample -keystore

keystore.jks -file ippsample.crt

Enter keystore password:

Certificate stored in file <ippsample.crt>

keytool -importkeystore -srckeystore keystore.jks -srcstoretype JKS -deststoretype PKCS12 -destkeystore keystore.p12

NOTE: If you are using a cert that is not signed by a recognized CA (like the self signed cert as described above), you need to import the public cert into the cacerts file on the system that is running the gateway:

$ keytool -import
-trustcacerts -keystore $JAVA_HOME/jre/security/cacerts -file ./ippsample.crt
-alias ippsample



Open SSL Instructions:

C:OpenSSLbin>openssl.exe req -x509 -nodes
-days 365 -newkey rsa:1024 -keyout sdgidfedapp11.corp.intuit.net.key -out
sdgidfedapp11.corp.intuit.net.crt

Loading
'screen' into random state – done

Generating
a 1024 bit RSA private key

………………++++++

……..++++++

writing
new private key to 'sdgidfedapp11.corp.intuit.net.key'

—–

You
are about to be asked to enter information that will be incorporated

into
your certificate request.

What
you are about to enter is what is called a Distinguished Name or a DN.

There
are quite a few fields but you can leave some blank

For
some fields there will be a default value,

If
you enter '.', the field will be left blank.

—–

Country
Name (2 letter code) [AU]:US

State
or Province Name (full name) [Some-State]:California

Locality
Name (eg, city) []:San
Diego

Organization
Name (eg, company) [Internet Widgits Pty Ltd]:Intuit

Organizational
Unit Name (eg, section) []:IAM

Common
Name (eg, YOUR name) []:sdgidfedapp11.corp.intuit.net

Email
Address []:

C:OpenSSLbin>


Lastly,

Submit your .crt file and your inbound gateway url to Intuit by submitting a support incident.

happy coding
-Jarred




Comments

View all
Load more comments