Generate a Key Pair¶
This guide uses the TNSR CLI
pki commands documented in Public Key Infrastructure
to generate cryptographic keys that can be used for secure communications and
When creating keys and certificates for updates, the name of each
component must be
tnsr-updates, which is the name required by the
software repository configuration.
The first step is to generate a set of cryptographic keys:
tnsr# pki private-key tnsr-updates generate -----BEGIN PRIVATE KEY----- [...] -----END PRIVATE KEY----- tnsr#
This command can be run only once successfully as TNSR will not overwrite an existing key. To generate a new key, remove the existing key first.
tnsr-updates key object contains the private key, which is secret,
and a public key, which is included in the certificate.
The same key pair can be used as the basis for multiple certificate signing requests. If a certificate expires, is accidentally deleted, or needs to be replaced for any other reason other than the keys being compromised, generate a new signing request using the existing key pair.