Generate a software-based private key
The TrustEdge certificate tool lets you generate software-based private keys that can be used to create Certificate Signing Requests (CSRs) and secure communications. In this workflow, you will learn how to generate an RSA or ECC private key, specify the output format, and, if needed, protect the key with a password.
Step 1: Choose the algorithm and key parameters
Before generating the key, decide on the type of key (--algorithm <key_type>) and its parameters, such as key size (--size <size>) for RSA or the curve (--curve <curve>) for ECC.
For RSA keys: You will need to specify the key size.
trustedge certificate --algorithm RSA --size 2048 --output-file RSA_2048.pem
For ECC keys: You need to specify the curve type.
trustedge certificate --algorithm ECC --curve P256 --output-file ECC_P256.pem
Step 2 (optional): Generate the public key
If you also want to generate the corresponding public key, you can use the --output-pub-file option to specify the output file for the public key.
For RSA keys:
trustedge certificate --algorithm RSA --size 2048 --output-file RSA_2048.pem --output-pub-file RSA_2048_PUB.pem
For ECC keys:
trustedge certificate --algorithm ECC --curve P256 --output-file ECC_P256_PRIV.pem --output-pub-file ECC_P256_PUB.pem
Step 3 (optional): Protect the private key with a password
You can enhance the security of your private key by protecting it with a password using the --protect option. After running the command, you will be prompted to enter a password to protect the private key.
For RSA keys:
trustedge certificate --algorithm RSA --size 2048 --protect --output-file RSA_PW_2048.pem
For ECC keys:
trustedge certificate --algorithm ECC --curve P256 --protect --output-file ECC_P256_PW.pem
Step 4: Verify the key creation
After generating the key, you can verify that the file was created by listing the contents of the directory:
ls -l /etc/digicert/keystore/keys/
This command will display the files in the keystore/keys/ directory, including the newly created private key, and the public key if generated.
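Beyond confirming that the files exist, you can check whether each private key is password-protected and whether its file mode exposes it to other users. The script below is an added example, not part of the TrustEdge tooling; the function names are hypothetical, and it assumes the generated .pem files carry standard PEM armor lines (PKCS#8 or legacy OpenSSL style).

```shell
#!/bin/sh
# Added example, not DigiCert code. Assumes standard PEM armor lines.

# classify_pem FILE: print public | private-encrypted | private-cleartext | unknown
classify_pem() {
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1" ||
       grep -q -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo private-encrypted      # PKCS#8 encrypted or legacy OpenSSL encrypted PEM
    elif grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1"; then
        echo private-cleartext      # key material readable by anyone who can read the file
    elif grep -q -e '-----BEGIN [A-Z ]*PUBLIC KEY-----' "$1"; then
        echo public
    else
        echo unknown
    fi
}

# group_other_bits FILE: print the six group/other mode characters, e.g. "------"
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# audit_keys DIR: one report line per *.pem file; returns 1 if any private key
# (encrypted or not) grants any permission to group or others.
audit_keys() {
    rc=0
    for f in "$1"/*.pem; do
        [ -f "$f" ] || continue
        kind=$(classify_pem "$f")
        bits=$(group_other_bits "$f")
        verdict=ok
        case "$kind" in
            private-*)
                if [ "$bits" != "------" ]; then
                    verdict=too-permissive
                    rc=1
                fi ;;
        esac
        printf '%s %s %s %s\n' "$(basename "$f")" "$kind" "$bits" "$verdict"
    done
    return "$rc"
}

# Usage: audit_keys /etc/digicert/keystore/keys
```

A private key reported as too-permissive can be tightened with chmod 600; a key reported as private-cleartext was generated without --protect.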
Tip
After generating a private key, you can use it to sign a Certificate Signing Request (CSR). See Create a Signed Certificate Signing Request (CSR).