
Create certificate authority

Create a private certificate authority including private key and public certificate


This tutorial shows how to use the script to create a private CA key pair: two files named ca.key (the private key) and ca.crt (the public certificate).

This key pair will be used to create signed certificates for your servers and clients.

  1. Navigate to the <faircomInstallationDirectory>/drivers/certificates folder.

  2. At the command prompt, run the python command. No command line parameters are required.

    You are prompted for a company name.

  3. Enter the company name. This name will be used as the Organization in the signed certificates you will later create and will be the basis for the Common Name.

    You are prompted for a directory that will be used to store the generated certificate files.

  4. Enter either an absolute path or a relative path. If you enter certificates, all files will be in a directory named "certificates" within your current directory. Ensure this directory is secure (not shared) and is backed up properly.

    You are prompted for the certificate validity duration in months based on the current date.


    When a certificate expires, communications using that certificate no longer work. The recommended expiration is 13 months to give time to renew each year. When a signed certificate expires, it must be replaced by a new signed certificate everywhere it is used, such as operating systems, browsers, and other software.

  5. Enter the desired number of months.


    A summary is displayed of all command-line options and values that will be used when the command to perform this operation is run. You may want to make a copy of this information, so you can repeat this exact run in the future. Only the serial number will be different.

    You are prompted to create the key pair files.

  6. Press Enter, and the ca.key and ca.crt key pair files will be generated and saved.

    The generated file information is displayed.

    The output files shown at the end of the display will always show the absolute path to the files, even if relative paths were used throughout the program.

  7. Press Enter to exit.


CA key pair files

Table 1. CA key pair files





CA key file

WARNING! Store this key in a secure location. It is the "private" key of the key pair.
If malicious users gain access to this key, they can compromise network communications.


CA certificate file

The ca.crt file is freely distributed to sources that will need to validate your servers and clients as trustworthy.
It is recommended to create a new CA certificate and recreate certificates for your servers and clients every year.
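
Step 4 asks that the output directory not be shared, and the warning above asks that ca.key be stored securely. The following check is an added example, not part of the script this tutorial describes: it assumes POSIX file permissions, and the function name `audit_ca_directory` is hypothetical.

```python
import os
import stat
import tempfile

SHARED_BITS = stat.S_IRWXG | stat.S_IRWXO  # any group/other permission bit


def audit_ca_directory(cert_dir, key_name="ca.key"):
    """Return a list of findings for the CA output directory; empty means OK."""
    findings = []
    # "Not shared": the directory should be usable by its owner only.
    dir_mode = stat.S_IMODE(os.stat(cert_dir).st_mode)
    if dir_mode & SHARED_BITS:
        findings.append(f"directory is open to group/others (mode {dir_mode:04o})")

    key_path = os.path.join(cert_dir, key_name)
    if not os.path.lexists(key_path):
        findings.append(f"{key_name} not found")
        return findings

    key_stat = os.lstat(key_path)  # lstat: do not follow a symlink
    if stat.S_ISLNK(key_stat.st_mode):
        # The real key lives elsewhere and is not covered by this check.
        findings.append(f"{key_name} is a symbolic link")
        return findings

    key_mode = stat.S_IMODE(key_stat.st_mode)
    if key_mode & SHARED_BITS:
        findings.append(f"{key_name} is open to group/others (mode {key_mode:04o})")
    return findings


if __name__ == "__main__":
    # Constructed demo: a throwaway directory with a placeholder file, not a real key.
    with tempfile.TemporaryDirectory() as demo_dir:
        key_path = os.path.join(demo_dir, "ca.key")
        with open(key_path, "w") as handle:
            handle.write("constructed placeholder, not a real key\n")
        os.chmod(demo_dir, 0o755)
        os.chmod(key_path, 0o644)
        print("before:", audit_ca_directory(demo_dir))
        os.chmod(demo_dir, 0o700)
        os.chmod(key_path, 0o600)
        print("after: ", audit_ca_directory(demo_dir))
```

Run it against the directory entered in step 4 after the files are generated; ca.crt is meant to be distributed, so only the directory and ca.key are checked.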

Script default values


The following are default values used by the script.

Table 2. The Python script default values






Considered secure as of 2023

Bit depth


Considered secure as of 2023

Org name


The company name you enter

Common name

<myCompanyName> Private Certificate Authority

The company name you enter plus the text "Private Certificate Authority"

Serial number

current time stamp + serial number

The current time and serial number in yyyy-mm-dd hh:mm:ss.ssssss sn format.



For example: 2023-09-26 17:42:42.421981 000000001

"00000001" is the first serial number assigned and is incremented for each certificate created.


This value is helpful in uniquely identifying the version of the certificate.