You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
Welcome to the CAREWare FAQ Page
announcement close button
Home > Importing and Exporting Data > CAREWare FHIR > How to generate a unique public and private key PEM file and a PFX file for CAREWares PDI FHIR App setup
How to generate a unique public and private key PEM file and a PFX file for CAREWares PDI FHIR App setup
print icon

Follow these instructions to generate RSA keys to connect a CAREWare PDI FHIR Datasource with an EMR FHIR App.


1. Install OpenSSL from these binaries: OpenSSL for Windows Pre-compiled Win32/64 at .


2. Make a directory where you want your .PEM and .PFX files to be created.  Copy makecert.bat to that directory.


3. Open a command window and navigate to the directory where you put makecert.bat.


4. To check if the openssl bin folder is in your environment variable PATH list, do the following.


  • At the command prompt enter: openssl .
  • If you get a list of available openssl commands, you're good; otherwise check your openssl installation.


5. At the command prompt enter: makecert . Your command window should prompt you for your pfx password, which you will later need to set up your CAREWare PDI FHIR Data Source.



6. At the command prompt, enter the password and then confirm the password.


7. At the command prompt enter: dir . You should see the following files:



The file rsaCwFhirApp.pfx is a password-protected file which contains the randomly generated public key and the private key that match the data in the two .PEM files.  This .PFX file, along with the password, is required to set up a PDI FHIR Datasource on the CAREWare side.


The file publicKey509CwFhirApp.pem is what you use at your EMR’s FHIR App setup screen when it asks for the public key.  During this setup of the FHIR App on the EMR side, you should save some key information that CAREWare will need: The Client ID, the Non-production Client ID, and any URL information (if it is provided at this time).  The Client ID is a unique EMR-assigned key that identifies the CAREWare PDI FHIR Datasource you plan to use at the EMR’s authentication server.


privateKeyCwFhirApp.pem was only created as a step in the process to make the pfx file. It should be safely stored with the other keys or deleted.  If a bad actor gets your private key, he or she can use FHIR to get medical information from your EMR under your name.   You can always get your private key again using OpenSSL and your .PFX file as long as you have your password.


These three .PEM and .PFX files only work with each other. If you need another PDI FHIR Datasource to connect to another EMR instance, you should use makecert.bat and make a fresh set of keys to use for that connection.


If you do not have makecert.bat, then you can make your own batch file with the following text:


set certname=CwFhirApp


openssl genrsa -out privateKey%certname%.pem 2048


openssl req -new -x509 -key privateKey%certname%.pem -out publicKey509%certname%.pem -subj /CN=%certname%


openssl pkcs12 -inkey privateKey%certname%.pem -in publicKey509%certname%.pem -export -out rsa%certname%.pfx

0 out of 0 found this helpful


scroll to top icon