Using OpenSSL The basics command line steps to generate a private and public key using OpenSSL are as follows: openssl genrsa -out privatekey.pem 1024 openssl req -new -x509 -key privatekey.pem -out publickey.cer -days 1825 openssl pkcs12 -export -out public_privatekey.pfx -inkey privatekey.pem -in publickey.cer Step 1: generates a private key Step 2: creates a X509 certificate (.cer file) containing your public key which you upload when registering your private application (or upgrading to a partner application). Step 3: Export your x509 certificate and private key to a pfx file. If your chosen wrapper library uses the .pem file to sign requests then this step is not required. Note: If you are using Java libraries which require extracting the private key in PKCS8 format, please refer here. Please vidmate make a note of the expiry date of your certificate as you will need to upload a replacement in the Xero Developer Center before the expiry date to ensure uninterrupted service.
... View more