Self-signed Certificates
Self-signed certificates are a way to secure your data by encrypting the SAML response when using single sign-on authentication. The following section serves as an example of generating and using self-signed certificates in Okta.
Generating a Self-Signed Certificate
Several software applications can generate self-signed certificates, such as OpenSSL, MakeCert, IIS, Pluralsight or SelfSSL. For this example, we use MakeCert. To create a self-signed certificate with a private key, run the following commands from the Command Prompt:
makecert -r -pe -n "CN=UiPath" -e 01/01/2019 -sky exchange -sv makecert.pvk makecert.cer
"C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\pvk2pfx.exe" -pvk makecert.pvk -spc makecert.cer -pfx makecert.pfx
Add the Certificate to Okta
- Log in to Okta. The following setup is made in Classic UI view. You can change it from the drop-down on the top-right corner of the window.
- On the Application tab, select your previously defined application.
- On the General tab, in the SAML Settings section, select Edit.
- On the Configure SAML tab, select Show Advanced Settings.
- For the Assertion Encryption drop-down, select the Encrypted option.
- The certificate is displayed in the Encryption Certificate field.

Set Orchestrator/Identity Server to Use the Certificate
- Import the makecert.pfx certificate to the Windows certificate store using Microsoft Management Console. Refer to Private Key Certificates.
- Log in to the host Management portal as a system administrator.
- Select Security.
  Note: If you are still using the old Admin experience, go to Users instead of Security.
- Select Configure under SAML SSO. The SAML SSO configuration page opens.
- Under the Signing Certificate section, set the following:
  - Store name - select My
  - Store location - select LocalMachine
  - Thumbprint - enter the thumbprint value you've previously prepared.
- Select Save at the bottom to save your changes and close the panel.
- Restart the IIS server.
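
For the import and thumbprint steps above, the following PowerShell script is an added example (not part of the original documentation) that imports the PFX into the LocalMachine\My store as an alternative to the MMC import, confirms the private key and expiry date, and prints the thumbprint to enter in the Signing Certificate section. It assumes an elevated session on the Orchestrator/Identity Server host and that makecert.pfx is in the current directory.

```powershell
# Added example: run in an elevated PowerShell session on the Orchestrator/Identity Server host.
# Assumption: makecert.pfx (output of the pvk2pfx command) is in the current directory.
$pfxPath = Join-Path (Get-Location) 'makecert.pfx'

# Prompt for the PFX password; press Enter if the file has none.
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password (blank if none)'

$importArgs = @{
    FilePath          = $pfxPath
    CertStoreLocation = 'Cert:\LocalMachine\My'   # Store location LocalMachine, store name My
}
if ($pfxPassword.Length -gt 0) { $importArgs.Password = $pfxPassword }

$cert = Import-PfxCertificate @importArgs

# The procedure creates a certificate with a private key; confirm the key was imported too.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) was imported without a private key."
}

# MakeCert's -e switch fixes the expiry date; flag a certificate that is expired or close to it.
$daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
if ($daysLeft -lt 0) {
    Write-Warning "Certificate expired on $($cert.NotAfter.ToString('yyyy-MM-dd'))."
} elseif ($daysLeft -lt 30) {
    Write-Warning "Certificate expires in $daysLeft days."
}

# Thumbprint as 40 hex characters with no spaces or hidden characters
# (copying it from the MMC certificate dialog can pick up both).
$thumbprint = ($cert.Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

[pscustomobject]@{
    Subject    = $cert.Subject
    NotAfter   = $cert.NotAfter
    Thumbprint = $thumbprint
}
```

Paste the printed Thumbprint value into the Thumbprint field exactly as shown.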