Generating a New Certificate
Generating a new certificate for Key Trustee Server.
-
Generate a new certificate signing request (CSR):
openssl req -new -key keytrustee_private_key.pem -out new.csrReplace keytrustee_private_key.pem with the filename of the private key. You can reuse the existing private key or generate a new private key in accordance with your company policies. For existing auto-generated self-signed certificates, the private key file is located at
/var/lib/keytrustee/.keytrustee/.ssl/ssl-cert-keytrustee-pk.pem. -
Generate a new certificate from the CSR:
- For a CA-signed certificate, submit the CSR to the CA, and they will provide a signed certificate.
- To generate a new self-signed certificate, run the following
command:
$ openssl x509 -req -days 365 -in new.csr -signkey keytrustee_private_key.pem \ -out new_keytrustee_certificate.pem
