Tip
This is the documentation for the 19.12 version. Looking for the documentation of the latest version? Have a look here.
Generate a Key PairΒΆ
This guide uses the TNSR CLI pki commands documented in Public Key Infrastructure
to generate cryptographic keys that can be used for secure communications and
authentication.
Warning
When creating keys and certificates for updates, the name of each
component must be tnsr-updates, which is the name required by the
software repository configuration.
The first step is to generate a set of cryptographic keys:
tnsr# pki private-key tnsr-updates generate
-----BEGIN PRIVATE KEY-----
[...]
-----END PRIVATE KEY-----
tnsr#
Note
This command can be run only once successfully. Subsequent attempts will result in an error unless the existing key is deleted.
This new tnsr-updates key object contains the private key, which is secret,
and a public key, which is included in the certificate.
The same key pair can be used as the basis for multiple certificate signing requests. If a certificate expires, is accidentally deleted, or needs to be replaced for any other reason other than the keys being compromised, generate a new signing request using the existing key pair.