Generating a New Certificate

Use this procedure to generate a new certificate for Key Trustee Server.

  1. Generate a new certificate signing request (CSR):
    $ openssl req -new -key keytrustee_private_key.pem -out new.csr

    Replace keytrustee_private_key.pem with the filename of the private key. You can reuse the existing private key or generate a new private key in accordance with your company policies. For existing auto-generated self-signed certificates, the private key file is located at /var/lib/keytrustee/.keytrustee/.ssl/ssl-cert-keytrustee-pk.pem.

  2. Generate a new certificate from the CSR:
    • For a CA-signed certificate, submit the CSR to the CA, which returns a signed certificate.
    • To generate a new self-signed certificate, run the following command:
      $ openssl x509 -req -days 365 -in new.csr -signkey keytrustee_private_key.pem \
      -out new_keytrustee_certificate.pem
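
Before deploying the new certificate, confirm that it carries the public half of the intended private key and has the expected lifetime. The script below is an added example, not part of the Key Trustee Server documentation: it runs the two steps above non-interactively on a throwaway key and then performs both checks. The function names, the temporary key files and the `-subj` value are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: run the two documented steps non-interactively, then verify
# the result before deploying it. All names below are constructed for the demo.
set -eu

# Steps 1 and 2 (self-signed branch). $1 = private key, $2 = output directory.
# ASSUMPTION: -subj supplies the subject so openssl does not prompt; the CN
# is a placeholder, not a value from the documentation.
renew_self_signed() {
    openssl req -new -key "$1" -out "$2/new.csr" \
        -subj "/CN=keytrustee.example.com"
    openssl x509 -req -days 365 -in "$2/new.csr" -signkey "$1" \
        -out "$2/new_keytrustee_certificate.pem"
}

# Succeeds only if the certificate carries the public half of the private key.
# Unreadable or malformed inputs count as a mismatch, never as a match.
cert_matches_key() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Succeeds only if the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Demo on throwaway keys in a private temp directory (stand-ins for the real
# key file; other.pem is an unrelated key used to show a mismatch).
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
openssl genrsa -out "$WORK/key.pem" 2048 2>/dev/null
openssl genrsa -out "$WORK/other.pem" 2048 2>/dev/null
renew_self_signed "$WORK/key.pem" "$WORK"
CERT="$WORK/new_keytrustee_certificate.pem"

cert_matches_key "$WORK/key.pem" "$CERT" && echo "certificate matches key"
cert_matches_key "$WORK/other.pem" "$CERT" || echo "unrelated key rejected"
cert_valid_for_days "$CERT" 364 && echo "valid for at least 364 more days"
openssl x509 -in "$CERT" -noout -subject -enddate
```

For a CA-signed certificate, run `cert_matches_key` against the file the CA returns; the lifetime is then whatever the CA issued rather than 365 days.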