Browser-facing certificate

You will need to acquire an SSL certificate from a certification authority to secure the IdP.

Important: the CN (Common Name) you specify when requesting the certificate must match the DNS hostname aka FQDN of the IdP deployment discussed in the Preparation section.

Please see our guides at these links:

If you plan to proxy the IdP through Apache httpd then you should not need to build a keystore file; the browser-facing certificate is configured in Apache using PEM format certificate files.