Creating a Private Key and Self Signed Certificate

Steps

  • Run MakeKeys at the command prompt using the -cert option.

    The following is the syntax:

    > makekeys -cert [-v] [-expdays <cert-expiry-in-days>] [-password <password>] [-len <key-length>] -dname <distinguished-name-string> <private-key-file> <public-key-cert>

    Important: Specify a name for the output private key file with .key extension and output self-signed certificate file with .cer extension.

    For example,

    > makekeys -cert -expdays 3650 -password yourpassword -len 2048 -dname "CN=Symbian Developer O=Nokia C=GB" HelloWorld.key HelloWorld.cer
    

    Here,

    • HelloWorld.key is the name of the output private key file that must be kept secret

    • HelloWorld.cer is the name of the output self-signed public key certificate that can be used to verify the digital signature.

    See MakeKeys Reference for more information on the options and arguments that can be provided with the MakeKeys tool.

Next actions

The self-signed certificate can be included in installation files and used to verify the digital signature with a matching private key. However, secure installation requires that the certificate containing the public key be digitally signed by a trusted third party. Therefore, a certificate request must be sent to the Certification Authority (CA) for signing. See Generating a Certificate Request for details about creating a certificate request.