openssl-env Settings
Below are the definitions for the openssl-env settings:
Fta-setup-env Setting | Description |
---|---|
CA_SUBJECT_COMMON_NAME | This is a descriptive name for the certificate authority. |
SUBJECT_COUNTRY | This is typically a two character code ISO format country code used to identify the country where the certificate authority is located. A reference for the valid country codes can be found at https://www.nationsonline.org/oneworld/country_c ode_list.htm. |
SUBJECT_ORGANIZATION | This is the name of the organization that owns the certificate authority. |
SUBJECT_STATE | The state or province for certificate authorities based in the United States or Canada. |
SUBJECT_LOCALITY | The city where the organization owning the certificate authority is located. |
SUBJECT_COMMON_NAME | The common name must contain the domain name used by the certificate authority and for each of the servers. |
CERT_ROOT_DIRECTORY | By default, the CA and the signed certificates are stored in a directory called .fta-ca under the user’s home directory.
NOTE:
The root private key should be stored in a secure place, preferably offline, and access to the key should be limited to the user signing the certificates. If the key is not secure, the certificates signed with the key cannot be trusted. |
CA_EXPIRATION_DAYS | The root keys generated for the CA expire over time. The default expiration period is 10 years. This can be adjusted as needed. |
OPENSSL | The OPENSSL variable is used to define the location of the OpenSSL command line tool. It is required only for running the scripts on Windows. |
Provide Feedback