The OAuth 2.0 JWT bearer authorization flow in Salesforce requires a digital certificate and a private key for authentication. This guide will walk you through the process of generating these components using OpenSSL.
Why Do You Need a Digital Certificate and Private Key?
The private key is used to sign the JWT token, while the digital certificate is uploaded to a Salesforce connected app to facilitate authentication. You can either use a certificate issued by a trusted certification authority or generate a self-signed certificate using OpenSSL.
Steps to Generate a Private Key and Self-Signed Certificate
Step 1: Install OpenSSL (If Necessary)
First, check if OpenSSL is installed on your system. Run the following command:
which openssl
If OpenSSL is not installed, follow the installation instructions specific to your operating system.
Step 2: Create a Directory for Storing Files
To keep your files organized, create a directory and navigate into it:
mkdir /Users/jdoe/JWT
cd /Users/jdoe/JWT
Step 3: Generate a Private Key
Use OpenSSL to create a private key file:
openssl genrsa -des3 -passout pass:SomePassword -out server.pass.key 2048
openssl rsa -passin pass:SomePassword -in server.pass.key -out server.key
Once generated, you can delete server.pass.key, as it is no longer needed.
Step 4: Create a Certificate Signing Request (CSR)
Now, generate a certificate signing request using the private key:
openssl req -new -key server.key -out server.csr
You will be prompted to enter details about your organization, such as the country, state, and company name.
Step 5: Generate a Self-Signed Digital Certificate
Finally, create a self-signed certificate valid for 365 days:
openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
Final Output Files
After completing the steps, you will have two essential files:
- server.key: The private key used to sign the JWT.
- server.crt: The self-signed digital certificate uploaded to Salesforce.
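As an added example (not part of the original guide), the shell below runs Steps 3 to 5 non-interactively and then performs the checks worth doing before uploading server.crt to the connected app: that the public key inside the certificate was derived from server.key, that the certificate is not about to expire, and that the key is the 2048-bit size the guide uses. It assumes OpenSSL 1.1 or later on PATH; the target directory and the subject fields passed via -subj are placeholders.

```shell
#!/bin/sh
# Added example (not the guide's own script): generate the JWT key material
# non-interactively and verify it. Assumes openssl 1.1+ on PATH.
set -eu

# Run Steps 3-5 of the guide inside directory $1.
# -subj replaces the interactive prompts of Step 4 (placeholder values).
# Note: a passphrase given as pass:... is visible in shell history and
# process listings; it is kept here only to mirror the guide, and the
# encrypted server.pass.key is removed once the plain key exists.
generate_jwt_material() {
    dir="$1"
    mkdir -p "$dir"
    openssl genrsa -des3 -passout pass:SomePassword \
        -out "$dir/server.pass.key" 2048 2>/dev/null
    openssl rsa -passin pass:SomePassword \
        -in "$dir/server.pass.key" -out "$dir/server.key" 2>/dev/null
    rm -f "$dir/server.pass.key"
    openssl req -new -key "$dir/server.key" -out "$dir/server.csr" \
        -subj "/C=US/ST=CA/L=SanFrancisco/O=ExampleOrg/CN=jwt-example"
    openssl x509 -req -sha256 -days 365 -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
}

# Succeed (status 0) only if the SubjectPublicKeyInfo in server.crt equals the
# public half of server.key. A mismatch means Salesforce would hold a
# certificate that cannot verify JWTs signed with this key.
key_matches_cert() {
    dir="$1"
    key_pub=$(openssl pkey -in "$dir/server.key" -pubout 2>/dev/null | openssl dgst -sha256)
    crt_pub=$(openssl x509 -in "$dir/server.crt" -noout -pubkey 2>/dev/null | openssl dgst -sha256)
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Succeed only if server.crt in directory $1 stays valid for at least $2 seconds.
cert_valid_for() {
    openssl x509 -in "$1/server.crt" -noout -checkend "$2" >/dev/null
}

# Print the RSA modulus size in bits of server.key in directory $1.
key_bits() {
    openssl rsa -in "$1/server.key" -noout -text 2>/dev/null \
        | sed -n 's/.*(\([0-9]*\) bit.*/\1/p' | head -n 1
}
```

A non-zero status from key_matches_cert means the certificate was not produced from that key and should not be uploaded.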
Conclusion
By following these steps, you can generate the necessary cryptographic files for Salesforce JWT authentication. This setup ensures a secure, seamless integration with Salesforce APIs.