Create a Private Key and Self-Signed Digital Certificate
The JWT-based authorization flow requires a digital certificate and the private key used
to sign the certificate. You upload the digital certificate to the custom connected app that is
also required for JWT-based authorization. You can use your own private key and certificate
issued by a certification authority. Alternatively, you can use OpenSSL to create a key and a
self-signed digital certificate.
This process produces two files.
- server.key—The private key. You specify this file when you authorize an org with the force:auth:jwt:grant command.
- server.crt—The digital certificate. You upload this file when you create the connected app required by the JWT-based flow.
- If necessary, install OpenSSL on your computer.
  To check whether OpenSSL is installed on your computer, run this command.
- In Terminal or a Windows command prompt, create a directory to store the generated files, and change to the directory.
- Generate a private key, and store it in a file called server.key.
  You can delete the server.pass.key file because you no longer need it.
- Generate a certificate signing request using the server.key file. Store the certificate signing request in a file called server.csr. Enter information about your company when prompted.
- Generate a self-signed digital certificate from the server.key and server.csr files. Store the certificate in a file called server.crt.
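One way to run the steps above non-interactively and then confirm that server.crt really belongs to server.key, as an added example that is not from the original page. The OpenSSL options, the 365-day validity, the function names and the SUBJECT value are assumptions, and the key is written unencrypted in a single step, so no server.pass.key is produced.

```shell
#!/bin/sh
# Added example: the steps above with assumed OpenSSL options.
# SUBJECT is a constructed placeholder; replace it with your company's details.
SUBJECT="/C=US/ST=California/O=Example Corp/CN=jwt.example.com"

# make_jwt_cert DIR: create DIR, then server.key, server.csr and server.crt in it.
make_jwt_cert() (
    umask 077    # new files and directories are accessible to the owner only
    mkdir -p "$1" && cd "$1" || exit 1
    # Private key, written unencrypted: file permissions are its only protection.
    openssl genrsa -out server.key 2048 || exit 1
    # Certificate signing request; -subj answers the company prompts.
    openssl req -new -key server.key -subj "$SUBJECT" -out server.csr || exit 1
    # Self-signed certificate: the CSR is signed with the same private key.
    openssl x509 -req -sha256 -days 365 -in server.csr \
        -signkey server.key -out server.crt
)

# check_jwt_cert DIR: succeed only if server.crt carries the public half of
# server.key and has not expired.
check_jwt_cert() (
    cd "$1" || exit 1
    key_pub=$(openssl pkey -in server.key -pubout) || exit 1
    crt_pub=$(openssl x509 -in server.crt -noout -pubkey) || exit 1
    [ "$key_pub" = "$crt_pub" ] || exit 1
    openssl x509 -in server.crt -noout -checkend 0 >/dev/null
)

# Run as: sh make_jwt_cert.sh ./JWT
if [ "$#" -gt 0 ]; then
    make_jwt_cert "$1" && check_jwt_cert "$1" &&
        echo "server.key and server.crt match"
fi
```

Running the check before uploading server.crt catches a certificate that was generated from a different key, which would otherwise only show up as a failed authorization.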