
Generate a software-based private key

The TrustEdge certificate tool lets you generate software-based private keys that can be used to create Certificate Signing Requests (CSRs) and secure communications. In this workflow, you will learn how to generate an RSA or ECC private key, specify the output format, and, if needed, protect the key with a password.

Before you begin

Make sure you understand the following:

Step 1: Choose the algorithm and key parameters

Before generating the key, decide on the type of key (--algorithm <key_type>) and its parameters, such as the key size (--size <size>) for RSA or the curve (--curve <curve>) for ECC.

For RSA keys:

trustedge certificate --algorithm RSA --size 2048 --output-file RSA_2048.pem

For ECC keys:

trustedge certificate --algorithm ECC --curve P256 --output-file ECC_P256.pem

Step 2 (optional): Generate the public key

If you also want to generate the corresponding public key, you can use the --output-pub-file option to specify the output file for the public key.

For RSA keys:

trustedge certificate --algorithm RSA --size 2048 --output-file RSA_2048.pem --output-pub-file RSA_2048_PUB.pem

For ECC keys:

trustedge certificate --algorithm ECC --curve P256 --output-file ECC_P256_PRIV.pem --output-pub-file ECC_P256_PUB.pem

Tip

To enhance the security of your private key, you can protect it with a password by including the --protect option with any of the commands above. After running the command, you will be prompted to enter a password to protect the private key.

Step 4: Verify the key creation

After generating the key, you can verify file creation by listing the contents of the directory:

ls -l /etc/digicert/keystore/keys/

This command displays the files in the keystore/keys/ directory, including the newly created private key and, if generated, the public key.
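
Listing the directory confirms only that the files exist. The following added example (not part of the original page and not DigiCert code) also checks whether each private key is password-protected and whether its file permissions exclude group and other users. It assumes the tool writes standard PEM armor; the function name check_key_file and the KEY_DIR variable are hypothetical.

```shell
#!/bin/sh
# Added example, not DigiCert code. Assumes standard PEM armor on the key files.

# Print "<protection>,<permissions>" for one key file.
check_key_file() {
    f=$1
    [ -f "$f" ] || { echo "missing"; return 2; }

    # Classify by PEM armor: PKCS#8 encrypted header, or the legacy
    # "Proc-Type: 4,ENCRYPTED" line that follows a traditional header.
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' \
               -e '^Proc-Type: 4,ENCRYPTED' "$f"; then
        prot=encrypted
    elif grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f"; then
        prot=plaintext
    else
        echo "not-a-private-key"   # e.g. the --output-pub-file result
        return 0
    fi

    # Characters 5-10 of the ls mode string are the group/other bits;
    # a private key should grant none of them.
    if [ "$(ls -ld -- "$f" | cut -c5-10)" = "------" ]; then
        perms=perms-ok
    else
        perms=perms-loose
    fi

    echo "$prot,$perms"
    [ "$perms" = perms-ok ]
}

# Audit every .pem file in the keystore directory named in Step 4.
KEY_DIR=${KEY_DIR:-/etc/digicert/keystore/keys}
for key in "$KEY_DIR"/*.pem; do
    [ -f "$key" ] || continue
    printf '%s: %s\n' "$key" "$(check_key_file "$key")"
done
```

A result of plaintext for a key generated with --protect, or perms-loose for any private key, is worth investigating before the key is used to sign a CSR.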

What's next?

After generating a private key, you can use it to sign a Certificate Signing Request (CSR).
