X.509: Private / Public Key
We're trying to implement some functionality of a Web-Service from one of our partners. Now, the content which is beeing transmitted, should be encrypted with a public key, which we have to provide.
The security-specification says that the public-certificate has to be X.509 standard. Doesn't X.509 rely on the private / public key method? Because I only get one .pem file, containing a private key, and a certificate, but no public key, using the following command:
openssl req -new -x509 -days 365 -nodes -out ./cert.pem -keyout ./cert.pem
Do I have to modify the command in order to create a private and a public key?
Answer
The basics command line steps to generate a private and public key using OpenSSL are as follow
openssl genrsa -out private.key 1024
openssl req -new -x509 -key private.key -out publickey.cer -days 365
openssl pkcs12 -export -out public_privatekey.pfx -inkey private.key -in publickey.cer
Step 1 – generates a private key
Step 2 – creates a X509 certificate (.cer file) containing your public key which you upload when registering your private application (or upgrading to a partner application).
Step 3 – Export your x509 certificate and private key to a pfx file. If your chosen wrapper library uses the .pem file to sign requests then this step is not required.
Hope that helps! This answer explains the different file extensions.