Generating self-signed certificates

Self-signed certificates are used for creating certificate files that you can install in the Windows™ Certificate Store.

If you only plan to use the public and private key pair, skip this section and go to Configuring the IBM RPA Vault instead.

If you want to use a certificate as your System Vault's private key, see the Procedure and make sure to fulfill the requirements described in Before you begin.

Before you begin


  1. On the OpenSSL command prompt, type:

    req -x509 -sha256 -newkey rsa:2048 -keyout keyname.key -out certificatename.crt -days 365

    Where keyname.key is the generated key file and certificatename.crt is the generated certificate file. This command creates a 2048 bits RSA key, following the X.509 standard with a SHA256 hash valid for 365 days.

    You must add a password to protect the key file.

    OpenSSL generating a key pass phrase
  2. The application then asks for specific information regarding the Certificate Authority signing the certificate:

    Generating certificate
  3. Provide the required information, and press enter to finish.

What to do next

After you generate a self-signed certificate, you must generate a PKCS#12 file to install it in the Certificate Store. See the following links to proceed: