Home > Endpoint Management > Other Topics > Creating a Public/Private Certificate Pair

Creating a Public/Private Certificate Pair

Table of contents

A public/private certificate pair can be used to communicate securely between two entities. This guide will walk through the basics for generating a public/private certificate pair for safe & secure distribution. These steps can be used for the Escrow Recovery Key with macOS FileVault 2 encryption, for example, or in many other situations where you need a private/public certificate pair. 

Set Up the Certificates 

The default bash shell in Terminal on macOS can be used to generate the certificates. Simply open Terminal.app on a macOS device, change directory (cd) into the desired location, and run the commands below. 


  1. Generate the private.pem key:

    openssl genrsa -out private.pem 2048

  2. Generate the public.pem key:

    openssl rsa -in private.pem -outform PEM -pubout -out public.pem

  3. Create a CSR (Certificate Signing Request) certificate.csr:

    openssl req -new -key private.pem -out certificate.csr

    If you intend on having your key signed by a CA (Certificate Authority) you can send this .csr file to the CA of choice. The CA will return a certificate which can use instead of the self-signed cert .crt (below). 

  4. Create a self-signed certificate.crt:

    openssl x509 -req -days 3650 -in certificate.csr -signkey private.pem -out certificate.crt

    This certificate.crt is a self-signed certificate which can be safely shared with others.


Last modified



This page has no classifications.

Explore the Product

Click to Learn More

Article ID

ID: 7182

Explore Meraki

You can find out more about Cisco Meraki on our main site, including information on products, contacting sales and finding a vendor.

Explore Meraki

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case

Ask the Community

In the Meraki Community, you can keep track of the latest announcements, find answers provided by fellow Meraki users and ask questions of your own.

Visit the Community