Generating a New Certificate
Generating a new certificate for Key Trustee Server.
Generate a new certificate signing request (CSR):
openssl req -new -key keytrustee_private_key.pem -out new.csr
Replace keytrustee_private_key.pem with the filename of the private key. You can reuse the existing private key or generate a new private key in accordance with your company policies. For existing auto-generated self-signed certificates, the private key file is located at
Generate a new certificate from the CSR:
- For a CA-signed certificate, submit the CSR to the CA, and they will provide a signed certificate.
- To generate a new self-signed certificate, run the following
$ openssl x509 -req -days 365 -in new.csr -signkey keytrustee_private_key.pem \ -out new_keytrustee_certificate.pem