How to Generate Private & Public Key for Authentication?

Generate Required Certificates: 

  • Install OpenSSL and generate a private key and a digital certificate using the command line terminal.
  • First, create one folder called ‘JWT’ and open the terminal with this folder path.
  • Run the below commands in the terminal. 
  • Pass key: 
      • CMD: openssl genrsa -des3 -passout pass:Biz_JWT -out server.pass.key 2048
  • Private key generate:
      • CMD: openssl rsa -passin pass:Biz_JWT -in server.pass.key -out server.key
  • Generate server certificate:
      • CMD: openssl req -new -key server.key -out server.csr
      • Note: This command takes input, so enter valid details.
  • Generate x509 certificate:
      • CMD: openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt 
  • Generate public key:
      • CMD: openssl x509 -pubkey -noout -in server.crt  > pubkey.pem
  • After executing the commands above, 5 files are generated: pubkey.pem, server.crt, server.csr, server.key, server.pass.key
  • Reference Document:   

Connected App with a certificate:

  • Go to the Setup in Salesforce.
  • Type ‘App’ in the Quick Find Box.
  • Select App Manager.
  • Click on ‘New Connected App’.

  • Enter ‘Connected App Name’, ‘API Name’, and ‘Contact Email’ in Basic Information Section.
  • Select Enable OAuth Settings Checkbox.
  • Enter ‘’ in Callback URL.
  • Select Use digital signatures Checkbox.
  • Click on Choose File and Select ‘server.crt’ generated in the above step.
  • In Selected OAuth Scopes Drag the ‘Manage user data via APIs (api), and Perform requests at any time (refresh_token, offline_access)’ From Available OAuth Scopes to Selected OAuth Scopes.
  • Select Require Secret for Web Server Flow and Require Secret for Refresh Token Flow Checkbox.
  • Click on save.

  • Click on the Manage button to edit the policies.
  • Click on the Edit Policies and on ‘OAuth Policies’ Select ‘Admin approved users are pre-authorized’ in Permitted Users. 
  • In IP Relaxation Select ‘Relax IP restrictions’ and In Refresh Token Policy Select the ‘Refresh token is valid until revoked’ radio button.
  • Click on save.
  • In Profile Section, Click on manage profiles. Select the system administrator profile and save.

  • After clicking on the ‘Manage Consumer Details’, get the Consumer Key and Consumer Secret.

Related Articles