Creating an RSA Public/Private Key Pair and Certificate

To sign a package, a public/private key pair and certificate that wraps the public key is required. The private key and the certificate, which includes the public key, is stored in a .pem file.

The following OpenSSL command creates a .pem file:

> openssl req -x509 -nodes -sha256 -days 365 -newkey rsa:1024 -keyout myself.pem -out myself.pem

Note

No password is necessary. To include a password, remove the --nodes option.

Example: Myself.pem File Contents shows the contents of the myself.pem file.

Example: Myself.pem File Contents

-----BEGIN RSA PRIVATE KEY-----
    MIICXAIBAAKBgQDe0dCCKNfQ45+D0ezGGAuVSbhE8buqFCQnQnfi27Wt6bu4DhcE
    bQtjgfzuEpcl4e31txJcu18XTv4icRL74DP7i2pMN2UVj6DZW/B7jIw4UPG2g96f
    ... 
    -----END RSA PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----  
    MIIC5DCCAk2gAwIBAgIJAKgUiZPOajC0MA0GCSqGSIb3DQEBBAUAMFYxCzAJBgNV
    BAYTAkRLMRMwEQYDVQQIEwpTb21lLVN0YXRlMQ8wDQYDVQQHEwZBYXJodXMxITAf
    ...
    -----END CERTIFICATE-----

To display the contents of a .pem file at the command line, type the following:

>openssl x509 -text -noout -in <filename>.pem

The contents of the file display as follows:

Certificate:
     Data:
        Version: 3 (0x2)
        Serial Number:
....

To create a trusted certificate, use the OpenSSL command, omitting the --x509 option. This creates a certificate request in a .pem file that you can send to any public authority, such as Verisign.