Add a Client Certificate to smkeydatabase

To create and store a client certificate in the smkeydatabase file at the consumer:

Open a command window.
If necessary, create a key database by entering:
smkeytool -createDB -password fedDB
Generate a key-pair combination.
For example, to create a private key using the PKCS8 format enter:

smkeytool -addPrivKey -alias CompanyA -keyfile idp1pkey.pkcs8 -certfile idp1.crt -password smdb

This example assumes you are running smkeytool from the directory where the certificate and key are located, so there are no file paths necessary.

The certificate is now added to the smkeydatabase.
Restart the Policy Server to see the smkeydatabase changes immediately.

Notes on Creating a Private Key

When you create a private key, the dname value, which specifies the consumer name, can be any attribute from the consumer's subject DN because the Policy Server at the producer site can use its certificate mapping functionality to map the consumer to a local user directory entry. This means that in the Certificate Mapping Properties dialog box of the FSS Administrative UI, you can use any of the values listed for the Attribute Name field in the Mapping information. In this example, CN is used; however, you can use other attributes, such as OU, O, UID.
The value for alias associated with the private key should be same as the value of the Affiliate Name field specified in the Scheme Setup dialog for the SAML Artifact Authentication scheme. The attribute of the consumer's subject DN, represented in the example by the CN value, should also reflect the Affiliate Name value.
For example, if you entered CompanyA as the Affiliate Name, then alias would be Company A, and the attribute could be CN=CompanyA, OU=Development, O=CA, L=Waltham, ST=MA, C=US
To refer to the existing key store entry, subsequent keytool commands must use the same alias.
The value for password should be same as the value of the Password field specified in the Scheme Setup dialog for the SAML Artifact Authentication Scheme.