Create a certificate and key pair

A certificate and key pair are required for each service to function. They expire periodically and must be recreated. Your organization may have its own process for creating certificates and keys. For example, you might contract with one of the companies that sells certificates. This task describes how to create a self-signed certificate, which may not be appropriate for all organizations and is not typically the most secure. Management of the keys is important to maintain security.
  1. Download OpenSSL. For Windows, use the Win32 OpenSSL light installer.
  2. In a command prompt window, type:
    • cd \OpenSSL-Win32\bin
    • openssl req -newkey rsa:2048 -nodes -keyout private.key -x509 -days 730 -out certificate.pem
    When prompted by openssl, use the following values:
      Country Name (2 letter code) [AU]:CA
      State or Province Name (full name) [Ontario]:
      Locality Name (eg, city) [Waterloo]:
      Organization Name (eg, company) [Internet Widgits Pty Ltd]:
      Organizational Unit Name [Marketing]:BlackBerry Identity
      Common Name (e.g. server FQDN or YOUR name) [example.fqdn]:ServiceName
      Email Address [myoffice365@email.com]:
  3. Store the key file in a safe place (for example, a keystore). The key should be encrypted and password protected. The certificate is included in the service metadata and can be shared.
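
Step 3 calls for an encrypted, password-protected key, but the -nodes option in step 2 writes private.key without encryption. The following PowerShell commands are an added example, not part of the original procedure: they confirm that the certificate matches the key, write a passphrase-protected copy of the key, and warn ahead of expiry. The working directory, the private.enc.key file name and the 30-day warning window are assumptions.

```powershell
# Added example. File names come from the openssl command in step 2.
# Assumption: run from \OpenSSL-Win32\bin so that .\openssl.exe resolves.
$openssl  = '.\openssl.exe'
$key      = 'private.key'
$keyEnc   = 'private.enc.key'    # hypothetical name for the encrypted copy
$cert     = 'certificate.pem'
$warnDays = 30                   # assumption: renewal warning window

# 1. Confirm the certificate belongs to this private key by comparing
#    the public key embedded in each (case-sensitive comparison).
$certPub = (& $openssl x509 -in $cert -noout -pubkey) -join "`n"
$keyPub  = (& $openssl pkey -in $key -pubout) -join "`n"
if (-not $certPub -or $certPub -cne $keyPub) {
    throw "$cert does not match $key"
}

# 2. Write a passphrase-protected copy of the key (AES-256).
#    openssl prompts for the passphrase, so it never appears on the
#    command line or in shell history.
& $openssl rsa -aes256 -in $key -out $keyEnc
if ($LASTEXITCODE -ne 0) { throw "Encrypting the private key failed" }

# 3. Remove the unencrypted key only after the encrypted copy exists.
#    Remove-Item deletes the file entry; it does not wipe the disk blocks.
if ((Get-Item $keyEnc).Length -gt 0) { Remove-Item $key }

# 4. Show the expiry date, then warn if it falls inside the window.
#    -checkend exits non-zero when the certificate expires within N seconds.
& $openssl x509 -in $cert -noout -enddate
& $openssl x509 -in $cert -noout -checkend ($warnDays * 86400) | Out-Null
if ($LASTEXITCODE -ne 0) {
    Write-Warning "Certificate expires within $warnDays days; recreate the pair."
}
```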