Creating a private and public key pair

The IBM RPA system vault uses a private and public key pair for encrypting and decrypting registered credentials. See how to create these keys in the procedure.

Before you begin

Note:OpenSSL does not distribute binaries officially 🡥. Thus, you must compile the source code on your own or check out alternative binary files 🡥.


  1. Once installed, run the OpenSSL command prompt. Type openssl to start the application.

    OpenSSL in the command prompt
  2. To generate a new RSA private key, type:

    genrsa -out {path_to_pem_file} 2048

    {path_to_pem_file} is the absolute path where the PEM file will be generated. Example: C:\Users\user\keyfile.pem.

  3. To generate a public key, type:

    rsa -pubout -in {path_private_pem} -out (path_public_pem)

    {path_private_pem} is the path to the private key PEM file. Example: C:\Users\user\privatekeyfile.pem.

    (path_public_pem) is the path where the public key will be generated. Example: C:\Users\user\keyfile.pem.

Important:The folders referenced by their paths must exist. The OpenSSL application does not create folders.

What to do next

After you generate a private and public key pair, you can register the public key to the Tenant on the Tenant configuration credentials page. See detailed information on Configuring the System Vault.

However, if you want to use this key pair as a certificate file and install it in the Certificate Store, you may do so by Generating self-signed certificates and then Generating a PKCS#12 file.