Creating a public/private key pair
Private and Partner applications must sign messages using the OAuth RSA-SHA1 method.
This requires that you create a public/private key-pair, and upload the public certificate during application registration. We refer to this certificate as an application certificate.
To get started with creating a public/private key-pair, we recommend the use of OpenSSL.
To run the commands below, go to the OpenSSL32 directory on your PC, and then change to the /bin directory.
You may need to open the command prompt with admin privileges (Run as administrator).
If OpenSSL has just been installed, you might need to restart your computer before it can generate certificates.
OpenSSL comes shipped with Mac OS X version 10.6.2.
The basic command-line steps to generate a private and public key using OpenSSL are as follows:
openssl genrsa -out privatekey.pem 1024
openssl req -new -x509 -key privatekey.pem -out publickey.cer -days 365
openssl pkcs12 -export -out public_privatekey.pfx -inkey privatekey.pem -in publickey.cer
Step 1 – generates a private key.
Step 2 – creates an X509 certificate (.cer file) containing your public key, which you upload when registering your private application (or upgrading to a partner application).
Step 3 – exports your X509 certificate and private key to a pfx file. If your chosen wrapper library uses the .pem file to sign requests, then this step is not required.
Please make a note of the expiry date of your certificate as you will need to upload a replacement in the Xero Developer Center before the expiry date to ensure uninterrupted service.
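The following check is an added example, not part of the original instructions: it confirms that the certificate from step 2 carries the public key of the private key from step 1, prints the expiry date, and reports when the certificate is close to expiring. It assumes a POSIX shell (for example the Mac OS X terminal); the function names, the script name and the 30-day default window are hypothetical.

```shell
#!/bin/sh
# Added example: sanity checks on the files produced by the steps above.
# Function names and the 30-day default window are assumptions.

# Succeeds when the certificate holds the public key of the private key.
# Usage: key_matches_cert privatekey.pem publickey.cer
key_matches_cert() {
    key_pub=$(openssl rsa -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$cert_pub" ]
}

# Prints the certificate's expiry (notAfter) date.
cert_expiry() {
    openssl x509 -in "$1" -noout -enddate | sed 's/^notAfter=//'
}

# Succeeds when the certificate is still valid the given number of days from now.
# Usage: cert_valid_for_days publickey.cer 30
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Runs both checks and reports the result.
# Usage: check_app_cert privatekey.pem publickey.cer [days]
check_app_cert() {
    key=$1; cert=$2; days=${3:-30}
    if ! key_matches_cert "$key" "$cert"; then
        echo "FAIL: $cert does not carry the public key of $key" >&2
        return 1
    fi
    echo "OK: key and certificate match; certificate expires $(cert_expiry "$cert")"
    if ! cert_valid_for_days "$cert" "$days"; then
        echo "WARN: certificate expires within $days days; upload a replacement" >&2
        return 1
    fi
}

# Run the checks only when file names are given on the command line.
if [ "$#" -ge 2 ]; then
    check_app_cert "$@"
fi
```

Saved as check_cert.sh, it can be run as: sh check_cert.sh privatekey.pem publickey.cer 30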