Create a Private Key and Self-Signed Digital Certificate
Authorizing an org with the org login jwt command requires a digital certificate and the private key that was used to sign that certificate. We highly recommend that you use your own private key and a certificate issued by a certification authority. To get started, you can also use OpenSSL to create a key and a self-signed digital certificate, as shown below. A private key and certificate are not needed when you authorize an org by logging in through a browser.
This process produces two files:
- server.key—The private key. You specify this file when you authorize an org with the org login jwt command.
- server.crt—The digital certificate. You upload this file when you create the required external client app or connected app.
1. Open a terminal (macOS and Linux) or command prompt (Windows).
2. If necessary, install OpenSSL on your computer. To check whether OpenSSL is installed, run the which command on macOS or Linux or the where command on Windows.

   ```
   which openssl
   ```
3. Create a directory for storing the generated files, and change to that directory.

   ```
   mkdir /Users/jdoe/JWT
   cd /Users/jdoe/JWT
   ```
4. Generate a private key, and store it in a file called server.key. The first command creates a passphrase-protected key in server.pass.key; the second removes the passphrase and writes the unencrypted key to server.key. Because server.key is unencrypted, restrict its file permissions to your own user and keep it out of version control.

   ```
   openssl genpkey -aes-256-cbc -algorithm RSA -pass pass:SomePassword -out server.pass.key -pkeyopt rsa_keygen_bits:2048
   openssl rsa -passin pass:SomePassword -in server.pass.key -out server.key
   ```
5. Generate a certificate signing request by using the server.key file, and store it in a file called server.csr. Enter information about your company when prompted.

   ```
   openssl req -new -key server.key -out server.csr
   ```
6. Generate a self-signed digital certificate from the server.key and server.csr files, and store it in a file called server.crt. The -days value sets how long the certificate is valid; plan to reissue and re-upload it before it expires.

   ```
   openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
   ```
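The following script is an added example, not part of the original page or of the Salesforce CLI documentation. It runs the same procedure non-interactively (the CSR subject is passed on the command line instead of answering prompts), creates the files with owner-only permissions, and then checks that server.crt really belongs to server.key by comparing the public key embedded in the certificate with the one derived from the private key. The directory name jwt-keys, the subject /CN=sfdx-jwt-example and the helper function names are assumptions for illustration; it assumes openssl is on PATH.

```shell
#!/bin/sh
# Added example (not from the original page): generate server.key, server.csr
# and server.crt for the org login jwt flow, then verify the pair.
# Assumed placeholders: KEYDIR, SUBJECT.
set -eu

KEYDIR="${KEYDIR:-./jwt-keys}"
SUBJECT="${SUBJECT:-/CN=sfdx-jwt-example}"
KEYBITS=2048
DAYS=365

# Create the private key, CSR and self-signed certificate in $KEYDIR.
# umask 077 makes every file owner-readable only (mode 600), which matters
# because server.key is written unencrypted.
generate_jwt_material() {
    umask 077
    mkdir -p "$KEYDIR"
    # Unencrypted RSA private key written directly. The page's two-step variant
    # (encrypt with -aes-256-cbc, then strip the passphrase) ends with the same
    # kind of unencrypted PEM key.
    openssl genpkey -algorithm RSA -pkeyopt "rsa_keygen_bits:$KEYBITS" \
        -out "$KEYDIR/server.key" 2>/dev/null
    # Certificate signing request; -subj replaces the interactive prompts.
    openssl req -new -key "$KEYDIR/server.key" -subj "$SUBJECT" \
        -out "$KEYDIR/server.csr" 2>/dev/null
    # Self-signed certificate valid for $DAYS days, signed with the same key.
    openssl x509 -req -sha256 -days "$DAYS" -in "$KEYDIR/server.csr" \
        -signkey "$KEYDIR/server.key" -out "$KEYDIR/server.crt" 2>/dev/null
}

# Return 0 when server.crt was issued for server.key: the public key inside the
# certificate must equal the public key derived from the private key. Run this
# before uploading server.crt so you do not upload a certificate for a
# different key by mistake.
cert_matches_key() {
    key_pub=$(openssl pkey -in "$KEYDIR/server.key" -pubout 2>/dev/null)
    crt_pub=$(openssl x509 -in "$KEYDIR/server.crt" -pubkey -noout 2>/dev/null)
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Print the RSA key size in bits (parsed from openssl's text dump).
key_bits() {
    openssl pkey -in "$KEYDIR/server.key" -text -noout 2>/dev/null \
        | sed -n 's/^.*Private-Key: (\([0-9]*\) bit.*$/\1/p'
}

# Print the octal permission bits of server.key (GNU stat first, BSD stat fallback).
key_mode() {
    stat -c '%a' "$KEYDIR/server.key" 2>/dev/null \
        || stat -f '%Lp' "$KEYDIR/server.key"
}

# Print the certificate's SHA-256 fingerprint, useful for confirming that the
# file you uploaded to the app is the one you generated here.
cert_fingerprint() {
    openssl x509 -in "$KEYDIR/server.crt" -noout -fingerprint -sha256 2>/dev/null
}
```

Run generate_jwt_material once, then cert_matches_key before uploading server.crt; if it fails, the certificate and key are not a pair and the JWT login will not verify. key_mode should report 600, and key_bits should report 2048.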
Now create an external client app and upload the digital certificate (server.crt) to it. If you're authorizing a Dev Hub and you plan to create scratch orgs or sandboxes later with the org create scratch|sandbox commands, then you must create a connected app instead.