We’ve provided a helper script that may be handy for preparing your tenant secret for installation. It generates a random number as your tenant secret, calculates a SHA256 hash of the secret, and uses the public key from the certificate to encrypt the secret.
Download the script from the Salesforce Knowledge Base. Save it in the same directory as the certificate.
Run the script specifying the certificate name, like this: ./secretgen.sh my_certificate.crt
Replace this certificate name with the actual filename of the certificate you downloaded.
If needed, use chmod +w secretgen.sh
to make sure you have write permission to the file and use chmod 775
to make it executable.
The script generates a number of files. Look for the two files that end with the .b64 suffix.
The files ending in .b64 are your base 64-encoded encrypted tenant secret and base 64-encoded hash of the plaintext tenant secret. You’ll need both of these files for the next step.