Generate a Key PairΒΆ
This guide uses the TNSR CLI pki
commands documented in Public Key Infrastructure
to generate cryptographic keys that can be used for secure communications and
authentication.
Warning
When creating keys and certificates for updates, the name of each component
must be tnsr-updates
, which is the name required by the software
repository configuration.
The first step is to generate a set of cryptographic keys:
tnsr# pki private-key tnsr-updates generate
-----BEGIN PRIVATE KEY-----
[...]
-----END PRIVATE KEY-----
tnsr#
Note
This command can be run only once successfully as TNSR will not overwrite an existing key. To generate a new key, remove the existing key first.
This new tnsr-updates
key object contains the private key, which is secret,
and a public key, which is included in the certificate.
The same key pair can be used as the basis for multiple certificate signing requests. If a certificate expires, is accidentally deleted, or needs to be replaced for any other reason other than the keys being compromised, generate a new signing request using the existing key pair.