Generate a Key PairΒΆ

This guide uses the TNSR CLI pki commands documented in Public Key Infrastructure to generate cryptographic keys that can be used for secure communications and authentication.

Warning

When creating keys and certificates for updates, the name of each component must be tnsr-updates, which is the name required by the software repository configuration.

The first step is to generate a set of cryptographic keys:

tnsr# pki private-key tnsr-updates generate
-----BEGIN PRIVATE KEY-----
[...]
-----END PRIVATE KEY-----
tnsr#

Note

This command can be run only once successfully. Subsequent attempts will result in an error unless the existing key is deleted.

This new tnsr-updates key object contains the private key, which is secret, and a public key, which is included in the certificate.

The same key pair can be used as the basis for multiple certificate signing requests. If a certificate expires, is accidentally deleted, or needs to be replaced for any other reason other than the keys being compromised, generate a new signing request using the existing key pair.