Creating the Private Key

SSO for Google Apps requires that you provide either a public key or a certificate.  The steps below create a private key and a matching certificate.  They use the openssl tool on Linux.


The first step is to generate a private key.  Run the following command:


openssl genrsa -out my_private.key 1024


You now have your private key.  If you open the key in a text editor, you will see that it is a long randomly generated string of letters and numbers with a header and a footer that mark it as a private key.  Step one...  COMPLETE.


Creating the x509 Certificate

Google requires that you upload either a Public Key or an x509 Certificate.  Since there is an easy method to generate an x509 certificate from a private key, we will choose this method.


openssl req -x509 -new -nodes -key my_private.key -days 365 -out my.crt


Now you have a certificate file that you can use.  Open the certificate in a text editor, and you will see that it is a long randomly generated string of letters and numbers with a header and a footer that mark it as a certificate.  Step two...  COMPLETE.


Comparing the Two

In order for SSO to function properly, the Private Key and Certificate have to match.  In order to test this, we perform the following steps, and then compare the results.


openssl x509 -noout -modulus -in my.crt | openssl md5

openssl rsa -noout -modulus -in my_private.key | openssl md5


Each command returns the md5 hash of the RSA modulus, first from the certificate and then from the private key.  Verify that these hashes match.  Step three...  COMPLETE.


With the above procedure you will be able to generate a private key, create a certificate from that key, and verify that the private key and certificate match up.  You can now upload the certificate to Google, and install the Private Key into your SSO Provider.
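
The three steps above as one script with an automated match check, including the failure cases (wrong key, unreadable file); this is an added example, not part of the original page.  It compares the moduli directly instead of their md5 digests, since the digest only shortens the value for comparison by eye.  Assumptions: the function names, the /CN=sso.example.test subject, and 2048-bit sample keys (the commonly recommended minimum for RSA today; the command on this page uses 1024).

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# Print the hex RSA modulus of a certificate ($1 = x509) or private key ($1 = rsa).
# Fails if openssl cannot parse the file or the output is not a hex modulus,
# so two unreadable files can never compare as "equal".
modulus_of() {
    m=$(openssl "$1" -noout -modulus -in "$2" 2>/dev/null) || return 1
    hex=${m#Modulus=}
    [ "$hex" != "$m" ] || return 1          # the "Modulus=" prefix must be present
    case $hex in ''|*[!0-9A-Fa-f]*) return 1 ;; esac
    printf '%s\n' "$hex"
}

# Exit status: 0 = key matches certificate, 1 = mismatch, 2 = unreadable input.
key_matches_cert() {
    cert_mod=$(modulus_of x509 "$1") || return 2
    key_mod=$(modulus_of rsa "$2") || return 2
    [ "$cert_mod" = "$key_mod" ]
}

# Builds constructed sample material in a temp dir and prints three statuses:
# matching pair, unrelated key, arguments given in the wrong order.
demo_sso_pair() {
    dir=$(mktemp -d) || return 1
    openssl genrsa -out "$dir/my_private.key" 2048 2>/dev/null || return 1
    openssl genrsa -out "$dir/other.key" 2048 2>/dev/null || return 1
    # -subj (assumed subject) answers the prompts that openssl req would ask.
    openssl req -x509 -new -nodes -key "$dir/my_private.key" -days 365 \
        -subj "/CN=sso.example.test" -out "$dir/my.crt" 2>/dev/null || return 1
    key_matches_cert "$dir/my.crt" "$dir/my_private.key" && good=0 || good=$?
    key_matches_cert "$dir/my.crt" "$dir/other.key" && bad=0 || bad=$?
    key_matches_cert "$dir/my_private.key" "$dir/my.crt" && swapped=0 || swapped=$?
    rm -rf "$dir"
    echo "$good $bad $swapped"
}

demo_sso_pair   # prints: 0 1 2
```

Run key_matches_cert my.crt my_private.key against your own files before uploading the certificate; any non-zero status means the pair should not be deployed.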