Creating Public/Private Key Pairs
This page explains how to generate public/private key pairs using OpenSSL command-line tools.
Generating an RSA Key
Use the following commands to generate an RSA key pair.
These commands create the following public/private key pair:
rsa_private.pem
: The private key that must be securely stored on the device and used to sign the JWT.rsa_public.pem
: The public key that must be uploaded in akenza and is used to verify the signature of the JWT.
Generating Elliptic Curve Keys
Use the following commands to generate a P-256 Elliptic Curve key pair.
These commands create the following public/private key pair:
ec_private.pem
: The private key that must be securely stored on the device and used to sign the JWT.ec_public.pem
: The public key that must be uploaded in akenza and is used to verify the signature of the JWT.
Self-Signed RSA X509 Certificate
Use the following commands to generate a 2048-bit RSA private key and a self-signed x.509 certificate with a SHA-256 signature.
The subject claim must be set to the device ID used during provisioning in akenza (e.g. MAC address or other hardware identifier).
By default, X.509 certificates expire 30 days after creation. To set the number of days until the certificate expires, add the -days <n>
flag at creation time.
Self-Signed EC X509 Certificate
Use the following commands to generate an elliptic curve private key and a self-signed x.509 certificate.
The subject claim must be set to the device ID used during provisioning in akenza (e.g. MAC address or other hardware identifier).
By default, X.509 certificates expire 30 days after creation. To set the number of days until the certificate expires, add the -days <n>
flag at creation time.
Last updated