Creating an RSA Public/Private Key Pair and Certificate

To sign a package, a public/private key pair and certificate that wraps the public key is required. The private key and the certificate, which includes the public key, is stored in a
.pem
file.
The following OpenSSL command creates a
.pem
file:
openssl req -x509 -nodes -sha256 -days 365 -newkey rsa:1024 -keyout myself.pem -out myself.pem
No password is necessary. To include a password, remove the
--nodes
option.
Contents of the resulting
myself.pem
file are shown below.
myself.pem File
-----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQDe0dCCKNfQ45+D0ezGGAuVSbhE8buqFCQnQnfi27Wt6bu4DhcE bQtjgfzuEpcl4e31txJcu18XTv4icRL74DP7i2pMN2UVj6DZW/B7jIw4UPG2g96f ... -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIC5DCCAk2gAwIBAgIJAKgUiZPOajC0MA0GCSqGSIb3DQEBBAUAMFYxCzAJBgNV BAYTAkRLMRMwEQYDVQQIEwpTb21lLVN0YXRlMQ8wDQYDVQQHEwZBYXJodXMxITAf ... -----END CERTIFICATE-----
To display the contents of a
.pem
file at the command line, type the following:
openssl -x509 -text -noout -in <filename>.pem
Contents of the file display as follows:
Certificate:      Data:         Version: 3 (0x2)         Serial Number: ....
To create a trusted certificate, use the OpenSSL command, omitting the
-x509
option. This creates a certificate request in a
.pem
file that you can send to any public authority such as Verisign.