Create a Private Key and Self-Signed Digital Certificate

The JWT-based authorization flow requires a digital certificate and the private key used to sign the certificate. You upload the digital certificate to the custom connected app that is also required for JWT-based authorization. You can use your own private key and certificate issued by a certification authority. Alternatively, you can use OpenSSL to create a key and a self-signed digital certificate.

This process produces two files.

  • server.key—The private key. You specify this file when you authorize an org with the force:auth:jwt:grant command.
  • server.crt—The digital certificate. You upload this file when you create the connected app required by the JWT-based flow.

  1. If necessary, install OpenSSL on your computer.
    To check whether OpenSSL is installed on your computer, run this command.
  2. In Terminal or a Windows command prompt, create a directory to store the generated files, and change to the directory.
  3. Generate a private key, and store it in a file called server.key.
    You can delete the server.pass.key file because you no longer need it.
  4. Generate a certificate signing request using the server.key file. Store the certificate signing request in a file called server.csr. Enter information about your company when prompted.
  5. Generate a self-signed digital certificate from the server.key and server.csr files. Store the certificate in a file called server.crt.
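
The steps above as one script, as an added example that is not part of the original page. The OpenSSL options (2048-bit RSA, AES-256 on the temporary server.pass.key, SHA-256, 365-day validity), the -subj value, and the function names are assumptions chosen here; cert_matches_key confirms that server.crt carries the public half of server.key before you upload it.

```shell
#!/usr/bin/env bash
# Added example: private key and self-signed certificate for the JWT flow.
# Key size, cipher, digest, validity and subject are assumed values.
set -eu

make_jwt_cert() {
  # $1 = output directory, $2 = certificate subject (constructed sample)
  dir=$1
  subj=${2:-/C=US/O=Example Corp/CN=jwt-auth.example.com}
  mkdir -p "$dir"
  (
    cd "$dir"
    umask 077    # key files are created readable by their owner only
    # Throwaway passphrase, passed through the environment, not argv.
    KEY_PASS=$(openssl rand -hex 16)
    export KEY_PASS
    # Step 3: passphrase-protected key, then the unencrypted server.key.
    openssl genrsa -aes256 -passout env:KEY_PASS -out server.pass.key 2048 &&
    openssl rsa -passin env:KEY_PASS -in server.pass.key -out server.key &&
    rm -f server.pass.key &&
    # Step 4: CSR; -subj answers the company prompts non-interactively.
    openssl req -new -key server.key -subj "$subj" -out server.csr &&
    # Step 5: self-signed certificate from server.key and server.csr.
    openssl x509 -req -sha256 -days 365 -in server.csr \
      -signkey server.key -out server.crt
  )
}

cert_matches_key() {
  # Succeeds only if the certificate holds the public half of the key.
  from_crt=$(openssl x509 -in "$1/server.crt" -noout -pubkey)
  from_key=$(openssl pkey -in "$1/server.key" -pubout)
  [ "$from_crt" = "$from_key" ]
}

# Run as: ./make-jwt-cert.sh ./JWT
if [ "$#" -gt 0 ]; then
  make_jwt_cert "$1"
  if cert_matches_key "$1"; then
    echo "server.crt matches server.key"
  fi
fi
```

server.key ends up unencrypted on disk, so keep it out of version control and readable only by the account that runs the authorization command.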