Create a Private Key and Self-Signed Digital Certificate

Authorizing an org with the org login jwt command requires a private key and a digital certificate that contains the matching public key. The CLI signs the JWT with the private key, and Salesforce verifies that signature with the certificate you upload to the connected app. You can use your own private key and a certificate issued by a certification authority, or you can use OpenSSL to create a key and a self-signed digital certificate, as described here. A private key and certificate are optional when you authorize an org by logging in through a browser.

This process produces two files:

  • server.key—The private key. You specify this file when you authorize an org with the org login jwt command.
  • server.crt—The digital certificate. You upload this file when you create the required connected app.
  1. Open a terminal (macOS and Linux) or command prompt (Windows).
  2. If necessary, install OpenSSL on your computer.
    To check whether OpenSSL is installed on your computer, run the which command on macOS or Linux or the where command on Windows.
    which openssl
  3. Create a directory for storing the generated files, and change to the directory.
    mkdir /Users/jdoe/JWT
    cd /Users/jdoe/JWT
  4. Generate a private key, and store it in a file called server.key.
    openssl genpkey -des3 -algorithm RSA -pass pass:SomePassword -out server.pass.key -pkeyopt rsa_keygen_bits:2048
    openssl rsa -passin pass:SomePassword -in server.pass.key -out server.key
    The first command writes a passphrase-protected key to server.pass.key. The second writes the same key without the passphrase to server.key, which is the form the org login jwt command requires. Replace SomePassword with a passphrase of your own, and be aware that a passphrase supplied with pass: is visible in your shell history and, while the command runs, to other users through the process list. You can delete the server.pass.key file because you no longer need it. Treat server.key as a secret: anyone who obtains it can sign JWTs that Salesforce accepts for your connected app. Restrict its file permissions to your own account and keep it out of version control.
  5. Generate a certificate signing request using the server.key file. Store the certificate signing request in a file called server.csr. Enter information about your company when prompted.
    openssl req -new -key server.key -out server.csr
  6. Generate a self-signed digital certificate from the server.key and server.csr files. Store the certificate in a file called server.crt.
    openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
    The -sha256 option selects the signature hash, and -days 365 makes the certificate valid for one year from the moment you run the command. Record the expiry date: rotating the key pair means repeating these steps and uploading the new server.crt to the connected app.
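The complete procedure as a non-interactive script, followed by the checks worth running before you upload server.crt to the connected app: that the certificate really carries the public half of server.key, that the key is the intended size, and how much validity remains. This is an added example, not code from the original page or from the Salesforce CLI. It generates the key unencrypted in one step rather than through the passphrase detour above (the CLI needs the unencrypted file either way), so no passphrase ever appears on a command line. The function names and the -subj fields are assumptions; change the subject to describe your own organization.

```shell
#!/usr/bin/env sh
# Added example for the "Create a Private Key and Self-Signed Digital
# Certificate" procedure. Not Salesforce's own script; function names and
# the certificate subject below are assumptions.
set -eu

# make_jwt_keypair DIR [DAYS]
# Creates DIR/server.key (RSA-2048, no passphrase, owner-only permissions),
# DIR/server.csr and DIR/server.crt (self-signed, SHA-256, DAYS validity,
# default 365) without prompting.
make_jwt_keypair() {
    dir="$1"
    days="${2:-365}"
    mkdir -p "$dir"
    # umask 077 in a subshell so the key file is created mode 0600 and the
    # caller's umask is left untouched.
    (umask 077 && openssl genpkey -algorithm RSA \
        -pkeyopt rsa_keygen_bits:2048 -out "$dir/server.key" 2>/dev/null)
    # -subj replaces the interactive prompts of "openssl req"; the values
    # here are placeholders (assumption), not anything Salesforce requires.
    openssl req -new -key "$dir/server.key" -out "$dir/server.csr" \
        -subj "/C=US/ST=CA/L=San Francisco/O=Example Inc/CN=sfdx-jwt" 2>/dev/null
    openssl x509 -req -sha256 -days "$days" -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
}

# cert_matches_key DIR
# Prints "match" when the public key embedded in server.crt is the one
# derived from server.key, otherwise "mismatch". A mismatch means Salesforce
# would reject every JWT the CLI signs with this key.
cert_matches_key() {
    dir="$1"
    key_pub=$(openssl pkey -in "$dir/server.key" -pubout 2>/dev/null | openssl sha256)
    crt_pub=$(openssl x509 -in "$dir/server.crt" -pubkey -noout 2>/dev/null | openssl sha256)
    if [ "$key_pub" = "$crt_pub" ]; then echo match; else echo mismatch; fi
}

# cert_valid_for_days DIR N
# Exit status 0 if server.crt will still be valid N days from now, 1 if it
# expires before then. Useful as a rotation reminder in CI.
cert_valid_for_days() {
    openssl x509 -in "$1/server.crt" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# key_bits DIR
# Prints the RSA modulus size of server.key (e.g. 2048). Works with the
# "(2048 bit)" and "(2048 bit, 2 primes)" forms of OpenSSL 1.1 and 3.x.
key_bits() {
    openssl pkey -in "$1/server.key" -text -noout 2>/dev/null \
        | sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p'
}

# Usage: sh make_jwt_keypair.sh /Users/jdoe/JWT
if [ "$#" -eq 1 ]; then
    make_jwt_keypair "$1"
    echo "public key in server.crt matches server.key: $(cert_matches_key "$1")"
    echo "RSA key size: $(key_bits "$1") bits"
    # Subject, expiry and SHA-256 fingerprint: compare the fingerprint with
    # what the connected app shows after you upload server.crt.
    openssl x509 -in "$1/server.crt" -noout -subject -enddate -fingerprint -sha256
fi
```

Run it with the directory you created in step 3 as its only argument. The fingerprint it prints is the value to compare against the certificate shown in the connected app, and cert_valid_for_days is the check to schedule so the key pair is rotated before the certificate lapses.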