Create Certificate Authority
The certificate authority must be the same for Security and the webapp (truststore).
The keystore files are generated from the certificate authority and must be named with the FQDN.
After the configuration is complete, create the CA using the create-ca script. This script takes one argument which is the password used to encrypt the private key for the CA. Write down this key somewhere for future reference.
This script only needs to be run once. Once the CA has been created, the user can generate and sign many certificates. Each time the script is executed it will check to see if a CA has been created and quit early if it finds one already exists.
Open a command prompt window and execute the following commands:
|
The following table contains a list of the supported special characters that can be used to create a password for the certificates:
~ | { | } | [ | ] | @ | ? |
- | _ | : | * | + | / | ! |
$ | . |
NOTE:
Combinations of 3 supported special characters in a consecutive pattern may cause unexpected results. For example: ${}
The following table contains a list of the unsupported special characters that can be used to create a password for the certificates:
| | < | > | & | \ | , | ‘ |
` | # | % | ^ | ( | ) | = |
" | ; | blank |
This command will create the directory for the CA and the certs. Refer to certificate-authority-dir-structure.html#i1112328_i1114860.
Provide Feedback