Formatting and info on certificates in SP quickstart

andreassolberg · andreassolberg · commit 492c08409e47 · 2009-10-13T08:04:55.000Z
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1850 44740490-163a-0410-bde0-09ae8108e29a
diff --git a/docs/simplesamlphp-idp.txt b/docs/simplesamlphp-idp.txt
@@ -156,11 +156,10 @@ For more information about available options in the sp-remote metadata files, se
 Creating a SSL self signed certificate
 --------------------------------------
 
-For test purposes, you can skip this section, and use the certificate
-included in the simpleSAMLphp distribution.
+For test purposes, you can skip this section, and use the certificate included in the simpleSAMLphp distribution.
+
+Here is an example of an `openssl`-command which can be used to generate a new private key key and the corresponding self-signed certificate.
 
-Here is an example of an `openssl`-command which can be used to generate
-a new private key key and the corresponding self-signed certificate.
 This key and certificate can be used to sign SAML messages:
 
     openssl req -new -x509 -days 3652 -nodes -out example.org.crt -keyout example.org.pem
@@ -170,8 +169,7 @@ The certificate above will be valid for 10 years.
 
 ### Note ###
 
-simpleSAMLphp will only work with RSA certificates. DSA certificates
-are not supported.
+simpleSAMLphp will only work with RSA certificates. DSA certificates are not supported.
 
 
 ### Warning ###
diff --git a/docs/simplesamlphp-sp.txt b/docs/simplesamlphp-sp.txt
@@ -43,6 +43,24 @@ If you want mulitple Service Providers in the same site and installation, you ca
 		'entityID' => 'https://sp2.example.org/,
 	),
 
+### Enablig a certificate for your Service Provider
+
+Some Identity Providers / Federations may require that your Service Providers holds a certificate. If you enable a certificate for your Service Provider, it may be able to sign requests and response sent to the Identity Provider, as well as receiving encrypted responses.
+
+Create a self-signed certificate in the `cert/` directory.
+
+	cd cert
+	openssl req -new -x509 -days 3652 -nodes -out saml.crt -keyout saml.pem
+
+
+Then edit your `authsources.php` entry, and add references to your certificate:
+
+	'default-sp' => array(
+	    'saml:SP',
+	    'privatekey' => 'saml.pem',
+	    'certificate' => 'saml.crt',
+	),
+
 
 Adding IdPs to the SP
 ---------------------
