Create a Private Key for your Certificate

This topic applies to

Applies to

Commerce Web Stores


Use the OpenSSL utility to generate a private key. The private key file contains a unique hash code that binds your certificate to your company. Keep this file stored on your computer.


An SSL certificate only works with the private key associated with it. So you must ensure that your private key remains safe and secret.

To create a private key for your certificate:

  1. Open a command prompt. Go to Start > Accessories > Command Prompt, or type cmd in the Run window.

  2. Type C:, and then press Enter, to change the directory.

  3. Type openssl, and then press Enter.

  4. At the OPENSSL> prompt, type the following command:

    genrsa -aes256 -out secure.domainnamekey.key 2048  


    Name the private key using the same domain name for which you are purchasing the certificate. For example, replace <secure.domainnamekey> with

When you are prompted for a pass phrase, enter a secure password and remember it. Your pass phrase protects the private key. Both the private key and the certificate are required to enable SSL. You will create the certificate in the next step, Generate a Certificate Signing Request (CSR).