Exporting the Public Key Certificate

Now that you will be signing the SAML data, you need to give your SAML Trusted Affiliate site a way to validate the signatures you generate. You do this by providing the Trusted Affiliate with your public key certificate, which it imports into its system and uses to validate your signatures.

To export the public key certificate:

  1. Open the Properties page associated with the key pair you are using to generate your digital signatures, the same as you did when you exported the key pair in PKCS#12 format.

  2. Select Certificates > Public Key Certificate.

  3. Click Export.

    A wizard page is displayed, as shown in Figure 85:

    Figure 85: Export Wizard Page

  4. Select No to prevent exporting the private key with the certificate. This causes only the public key portion of the key pair to be exported.

  5. Click Next.

  6. Select the file name and the format in which to save the file. The most common file format is binary DER encoding. See Figure 86:

    Figure 86: Exporting the Private Key With the Certificate

    You can now send this public key certificate file to the partner sites that want signed data. Each partner site imports the certificate so that it can validate your signatures.

    IMPORTANT:  Until the Trusted Affiliate receives and imports your public key certificate into its system, it cannot validate your signatures. Make sure that the Trusted Affiliate partner site has successfully imported and configured the certificate before attempting to send digitally signed assertions.
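Before sending the exported file, it is worth confirming that it really is a DER certificate and not a container that carries the private key (the outcome step 4 is meant to prevent). The following Python check is an added example, not part of the product or of the original procedure; it is a structural heuristic only, the function names are hypothetical, and the two sample byte strings are constructed skeletons rather than real certificates or keys. It also produces a SHA-256 fingerprint that the Trusted Affiliate can compare after import.

```python
import hashlib

def read_tlv(buf, off=0):
    """Return (tag, value_start, value_end) of the DER element at off."""
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:                       # short-form length
        start, length = off + 2, first
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not valid DER")
        start = off + 2 + n
        length = int.from_bytes(buf[off + 2:start], "big")
    if start + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, start, start + length

def classify_export(data):
    """Structural heuristic: 'certificate', 'private-key-material' or 'unknown'."""
    if b"PRIVATE KEY-----" in data:        # PEM-armoured key of any type
        return "private-key-material"
    try:
        tag, start, end = read_tlv(data)
        if tag != 0x30 or end != len(data):
            return "unknown"
        inner_tag, inner_start, inner_end = read_tlv(data, start)
        if inner_tag == 0x02:
            # Leading INTEGER version: PKCS#12 (3), PKCS#8/PKCS#1 (0), EC key (1)
            return "private-key-material"
        if inner_tag == 0x30 and inner_end > inner_start:
            # tbsCertificate opens with [0] version (v2/v3) or INTEGER serial (v1)
            if read_tlv(data, inner_start)[0] in (0xA0, 0x02):
                return "certificate"
    except (IndexError, ValueError):
        pass
    return "unknown"

def fingerprint(data):
    """SHA-256 of the exported file as colon-separated uppercase hex."""
    digest = hashlib.sha256(data).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

# Constructed DER skeletons (structure only, not real certificates or keys).
CERT_SHAPED = bytes.fromhex("300f3008a0030201020201013000030100")
PKCS12_SHAPED = bytes.fromhex("30050201033000")

if __name__ == "__main__":
    for name, blob in (("cert", CERT_SHAPED), ("pkcs12", PKCS12_SHAPED)):
        print(name, classify_export(blob), fingerprint(blob))
```

Send the file only when the result is `certificate`; treat `unknown` the same as `private-key-material` and re-export.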