shibboleth

Unix and Linux Discussions Tagged with shibboleth
	Thread / Thread Starter	Last Post	Replies	Views	Forum
	differences between Shibboleth and Single Sign On onlinelearner02	08-20-2012 by Corona688	1	2,409	Cybersecurity
	Shibboleth Project 2.0 (Default branch) Linux Bot	04-08-2008 by Linux Bot	0	1,160	Software Releases - RSS News

LEARN ABOUT DEBIAN

shib-keygen

SHIB-KEYGEN(8)							    Shibboleth							    SHIB-KEYGEN(8)

NAME

       shib-keygen - Generate a key pair for a Shibboleth SP

SYNOPSIS

       shib-keygen [-bf] [-e entity-id] [-g group]
	   [-h hostname] [-o output-dir] [-u user] [-y years]

DESCRIPTION

       Generate a self-signed X.509 certificate for a Shibboleth SP.  By default, the certificate will be for the local fully-qualified (as
       returned by "hostname --fqdn") hostname.  An entity ID can be specified with the -e flag.  The openssl command-line client is used to
       generate the key pair.  By default, the public certificate will be created in /etc/shibboleth/sp-cert.pem and the private key in
       /etc/shibboleth/sp-key.pem.

OPTIONS

       -b  Suppress all standard error output when creating the certificate.  This option is normally only used by the package build.

       -e entity-id
	   Add entity-id (which should be a URI) as an alternative name for the certificate.

       -f  Remove /etc/shibboleth/sp-cert.pem and /etc/shibboleth/sp-key.pem before generating a new certificate.  Without this option, if those
	   files already exist, shib-keygen prints an error and exits rather than overwriting them.

       -g group
	   After generating the key and certificate, change the group ownership of the key file to this group.	By default, the group used is
	   "_shibd".

       -h hostname
	   Specify the fully-qualified domain name for which to generate a certificate.  If this option isn't given, the hostname defaults to the
	   result of "hostname --fqdn".

       -o output-dir
	   Store sp-cert.pem and sp-key.pem in the directory output-dir rather than the default of /etc/shibboleth.

       -u user
	   After generating the key and certificate, change the ownership of the key file to this user.  This is used to allow the key to be read
	   by a non-root user so that shibd can be run as a non-root user.  By default, the key is owned by "_shibd".

       -y years
	   The number of years for which the certificate should be valid.  The default expiration time is ten years into the future.

FILES

       /etc/shibboleth/sp-cert.cnf
	   The OpenSSL configuration file used for generating the self-signed certificate.  This configuration file is generated when the script
	   is run and deleted afterwards.

       /etc/shibboelth/sp-cert.pem
	   The default location of the public certificate created by this script.

       /etc/shibboleth/sp-key.pem
	   The default location of the private key for the certificate created by this script.

       These three files are stored in the directory given with -o instead, if that option is given.

AUTHOR

       This manual page was written by Russ Allbery for Debian GNU/Linux.

COPYRIGHT

       Copyright 2008, 2011 Russ Allbery.  This manual page is hereby placed into the public domain by its author.

2.4.3								    2012-02-16							    SHIB-KEYGEN(8)