)
    val heldCertificate =
      HeldCertificate.Builder()
        .keyPair(publicKey, privateKey)
        .commonName("cash.app")
        .validityInterval(0L, 1000L)
        .rsa2048()
        .build()
    assertThat(
      """
      |-----BEGIN CERTIFICATE-----
      |MIIBmjCCAQOgAwIBAgIBATANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhjYXNo

	public final fun keyPair (Ljava/security/PublicKey;Ljava/security/PrivateKey;)Lokhttp3/tls/HeldCertificate$Builder;
	public final fun organizationalUnit (Ljava/lang/String;)Lokhttp3/tls/HeldCertificate$Builder;
	public final fun rsa2048 ()Lokhttp3/tls/HeldCertificate$Builder;
	public final fun serialNumber (J)Lokhttp3/tls/HeldCertificate$Builder;
	public final fun serialNumber (Ljava/math/BigInteger;)Lokhttp3/tls/HeldCertificate$Builder;

  }

  @Test
  fun `RSA issuer and signature`() {
    val root =
      HeldCertificate.Builder()
        .certificateAuthority(0)
        .rsa2048()
        .build()
    val certificate =
      HeldCertificate.Builder()
        .signedBy(root)
        .rsa2048()
        .build()

    val certificateByteString = certificate.certificate.encoded.toByteString()

    // Valid signature.

By default certificates use fast and secure 256-bit ECDSA keys. For interoperability with very old
clients use `HeldCertificate.Builder.rsa2048()`.

Download
--------

```kotlin
implementation("com.squareup.okhttp3:okhttp-tls:4.12.0")
```

 [held_certificate]: https://square.github.io/okhttp/4.x/okhttp-tls/okhttp3.tls/-held-certificate/

    /**
     * Configure the certificate to generate a 2048-bit RSA key, which provides about 112 bits of
     * security. RSA keys are interoperable with very old clients that don't support ECDSA.
     */
    fun rsa2048() =
      apply {
        keyAlgorithm = "RSA"
        keySize = 2048
      }

    fun build(): HeldCertificate {
      // Subject keys & identity.
      val subjectKeyPair = keyPair ?: generateKeyPair()

        val heldCertificate =
          HeldCertificate.Builder()
            .commonName("localhost")
            .addSubjectAlternativeName("localhost")
            .rsa2048()
            .build()
        return@lazy HandshakeCertificates.Builder()
          .heldCertificate(heldCertificate)
          .addTrustedCertificate(heldCertificate.certificate)
          .build()
      }

    builder = builder.signedBy(HeldCertificate.Builder().build())
    builder = builder.certificateAuthority(0)
    builder = builder.ecdsa256()
    builder = builder.rsa2048()
    val heldCertificate: HeldCertificate = builder.build()
  }

  @Test
  fun javaNetAuthenticator() {
    val authenticator = JavaNetAuthenticator()
    val response = Response.Builder().build()