Generate a Self-Signed Certificate with OpenSSL

Use OpenSSL to generate an RSA private key and certificate.

You need the certificate to set up the contact center. The reqTelephonyIntegrationCertificate value should be the value in server.crt from these steps.

Important

This key pair must be unique for each org installation. Shared key pairs would allow the private key holder to call SCV APIs for any org using the corresponding public key. Subscriber orgs should be able to rotate this key on demand.

  1. Create a folder to hold the generated certificate:

    $ mkdir certificates
  2. Change the current directory to the certificates folder:

    $ cd certificates
  3. In the certificates folder, specify a password and generate an RSA private key. Replace <your_password> with your own password. Include a -traditional flag to generate a key using the traditional PKCS #1 format instead of the PKCS #8 format.

    $ openssl genrsa -des3 -traditional -passout pass:<your_password> -out server.pass.key 2048

    Note

    The Certificate Authorities use this password to authenticate the certificate owner when they want to revoke their certificate. Because the certificate is self-signed, you can’t revoke it using CRL (Certificate Revocation List).
  4. Create a key file from the server.pass.key file, using the password that you just created. Include a -traditional flag to generate a key using the traditional PKCS #1 format instead of the PKCS #8 format.

    $ openssl rsa -traditional -passin pass:<your_password> -in server.pass.key -out server.key
  5. Delete the server.pass.key:

    $ rm server.pass.key
  6. Request the certificate by generating a certificate signing request (CSR):

    $ openssl req -new -key server.key -out server.csr
  7. Enter the requested information. Press Enter when prompted for the challenge password. To skip entering a company name, enter a period (.).
  8. Generate the SSL certificate:

    $ openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
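
Before pasting server.crt into the contact center setup, it helps to confirm that the steps above produced what they were meant to. The script below is an added example, not part of the original procedure: the function name check_cert_pair, the 30-day expiry threshold, and the file-permission check are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the original page): sanity checks for the
# server.key / server.crt pair produced by the steps above.
# Usage: check_cert_pair server.key server.crt [min_days_left]
# min_days_left is an assumed policy knob; it defaults to 30 days.
check_cert_pair() {
    key=$1; crt=$2; min_days=${3:-30}; rc=0

    # PKCS #1 ("traditional") PEM starts with BEGIN RSA PRIVATE KEY;
    # PKCS #8 starts with BEGIN PRIVATE KEY, meaning -traditional was omitted.
    if [ "$(head -n 1 "$key")" = "-----BEGIN RSA PRIVATE KEY-----" ]; then
        echo "ok:   key is in PKCS #1 format"
    else
        echo "FAIL: key is not in PKCS #1 format"; rc=1
    fi

    # server.key is unencrypted after step 4, so only its owner should
    # be able to read it (characters 5-10 of the mode string: group/other).
    if [ "$(ls -ld "$key" | cut -c5-10)" = "------" ]; then
        echo "ok:   key is not accessible to group or other"
    else
        echo "FAIL: key is accessible to group or other (chmod 600)"; rc=1
    fi

    # The certificate must carry the public half of this private key.
    # -passin pass: stops openssl prompting if the key is still encrypted.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null || true)
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null || true)
    if [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]; then
        echo "ok:   certificate matches the private key"
    else
        echo "FAIL: certificate does not match the private key"; rc=1
    fi

    # -checkend exits non-zero if the certificate expires within N seconds.
    if openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "ok:   certificate is valid for at least $min_days more days"
    else
        echo "FAIL: certificate expires within $min_days days"; rc=1
    fi
    return $rc
}

# Run the checks when the script is invoked with file arguments.
if [ "$#" -ge 2 ]; then check_cert_pair "$@"; fi
```

A failed key/certificate match usually means server.crt was copied from another installation, which is the shared key pair situation described at the top of this page.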