Private and Partner applications must sign messages using the OAuth RSA-SHA1 method.
This requires that you create a public/private key-pair, and upload the public certificate during application registration. We refer to this certificate as an application certificate.
To get started with creating a public/private key-pair we recommend the use of OpenSSL
To run the commands below, go to the OpenSSL32 directory on your PC, and change to the /bin directory.Notes:
OpenSSL comes shipped with Mac OS X version 10.6.2 onwards. You can use Terminal to run OpenSSL (search for 'terminal' using the search bar in the top right of your screen on your desktop) to open the terminal window and then run the commands below.Notes:
The basics command line steps to generate a private and public key using OpenSSL are as follows:
openssl genrsa -out privatekey.pem 1024 openssl req -new -x509 -key privatekey.pem -out publickey.cer -days 1825 openssl pkcs12 -export -out public_privatekey.pfx -inkey privatekey.pem -in publickey.cer
Please make a note of the expiry date of your certificate as you will need to upload a replacement in the Xero Developer Center before the expiry date to ensure uninterrupted service.