Create a Private Key and Self-Signed Digital Certificate
The JWT-based authorization flow requires a digital certificate and the private key used
to sign the certificate. You upload the digital certificate to the custom connected app that is
also required for JWT-based authorization. You can use your own private key and certificate
issued by a certification authority. Alternatively, you can use OpenSSL to create a key and a
self-signed digital certificate.
This process produces two files.
- server.key—The private key. You specify this file when you authorize an org with the force:auth:jwt:grant command.
- server.crt—The digital certificate. You upload this file when you create the connected app required by the JWT-based flow.
1. If necessary, install OpenSSL on your computer. To check whether OpenSSL is installed on your computer, run this command.
   $ which openssl
2. In Terminal or a Windows command prompt, create a directory to store the generated files, and change to the directory.
   $ mkdir /Users/jdoe/JWT
   $ cd /Users/jdoe/JWT
3. Generate a private key, and store it in a file called server.key.
   $ openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
   $ openssl rsa -passin pass:x -in server.pass.key -out server.key
   You can delete the server.pass.key file because you no longer need it.
4. Generate a certificate signing request using the server.key file. Store the certificate signing request in a file called server.csr. Enter information about your company when prompted.
   $ openssl req -new -key server.key -out server.csr
5. Generate a self-signed digital certificate from the server.key and server.csr files. Store the certificate in a file called server.crt.
   $ openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
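The steps above carried out as one script, with a check that the certificate you are about to upload to the connected app really was signed with the key you will hand to force:auth:jwt:grant. This is an added example, not part of the Salesforce guide or the Salesforce CLI: it assumes openssl is on PATH, passes the CSR subject on the command line (-subj) instead of answering the interactive prompts, writes the unencrypted private key directly rather than via server.pass.key, and the output directory and subject it is called with are placeholders.

```shell
#!/bin/sh
# Added example (not from the Salesforce guide). Produces server.key,
# server.csr and server.crt as described in the steps above, then verifies
# the key/certificate pair before it is split between the CLI and the
# connected app. Assumes openssl is installed; directory and subject are
# placeholders supplied by the caller.
set -eu

# Generate server.key, server.csr and server.crt inside directory $1 with
# certificate subject $2 (e.g. "/C=US/O=Example/CN=jwt-example").
make_jwt_cert() {
    dir="$1"
    subject="$2"
    mkdir -p "$dir"

    # Private key. The guide first writes a passphrase-protected
    # server.pass.key and then strips the passphrase; genrsa without -des3
    # yields the same unencrypted server.key in one step.
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null

    # Certificate signing request; -subj replaces the interactive prompts.
    openssl req -new -key "$dir/server.key" -subj "$subject" \
        -out "$dir/server.csr" 2>/dev/null

    # Self-signed certificate, SHA-256 signature, valid 365 days.
    openssl x509 -req -sha256 -days 365 -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
}

# Succeeds (exit 0) only when the public key embedded in server.crt is the
# public half of server.key. Both are reduced to DER and hashed so the
# comparison does not depend on PEM formatting differences.
key_matches_cert() {
    dir="$1"
    key_pub=$(openssl pkey -in "$dir/server.key" -pubout -outform DER 2>/dev/null | openssl sha256)
    crt_pub=$(openssl x509 -in "$dir/server.crt" -pubkey -noout 2>/dev/null \
        | openssl pkey -pubin -outform DER 2>/dev/null | openssl sha256)
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Print the certificate's signature algorithm so you can confirm it is
# sha256WithRSAEncryption and not a weaker digest.
cert_sig_alg() {
    openssl x509 -in "$1/server.crt" -noout -text \
        | sed -n 's/^ *Signature Algorithm: //p' | head -n 1
}
```

Typical use is `make_jwt_cert ./jwt-out "/C=US/O=Example/CN=jwt-example"` followed by `key_matches_cert ./jwt-out`; if the second call fails, do not upload server.crt, because the JWT signed with server.key would never validate against it. The private key is written in the clear, as the guide's step 3 also ends up doing, so keep the output directory out of source control and restrict its permissions.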