Generate CSRs and Private Keys for Signing and Encryption Certificates - Digital-Platform-Services/My-NS-Account GitHub Wiki
Using OpenSSL, generate private keys (.key) and Certificate signing request files (.csr): one for signing and one for encryption.
-
If not installed, download and install OpenSSL
-
From a command prompt, run the following commands:
openssl req -newkey rsa:2048 -keyout Signing.key -out Signing.csr -passout pass:<password>
openssl req -newkey rsa:2048 -keyout Encryption.key -out Encryption.csr -passout pass:<password>
-
Download, and fill out a copy of the Certificate Signing Request Form
-
Send both CSR files and the completed Certificate Signing Request Form to [email protected]. Certificates are typically turned around within 2 business days.
It is important that you safeguard your private keys (.key files).
Store your Signing and Encryption private key files and their passwords in a secure location.
Unless specified, do NOT transmit your private keys to us.
Please take some time to consider the security of your private keys, specifically:
- how private keys will be securely stored
- how will they be securely transmitted
- who will have access to them
NEVER SHARE your private keys. Never. Ever.