Create and Sign Certificates

Use the create-certificate script to create signed certificates using the CA. Use this script to generate:
  • Multiple certificates for multiple host machines.
  • New certificates used for certificate rotation.
  • FTA Security and DataView installed on same machine:
    1. Open a command prompt window and execute the following commands to create signed certificates using the CA. The create-certificate script takes four arguments:
      cd <Installation directory>\private-CA
      create-certificate.cmd <host1.acme-widgets.com> <ca-secret-password> <keypassword> <trustpassword>
This command will create the directory for the CA and the certs. Refer to certificate-authority-dir-structure.html#i1112328_i1114860.
Refer to Table 1 for the list of the supported special characters that can be used to create the certificates.
  • 1st argument (
    host1.acme-widgets.com
    ): The fully qualified domain name (FQDN) for the server for which the certificate is being created. The FQDN is used as the file base name for all of the output files related to the certificate.
  • 2nd argument (
    ca-secret-password
    ): The password used to encrypt the private key for the CA (see create-ca).
  • 3rd argument (
    keypassword
    ): The password used for the certificate private key and the Java keystore file.
  • 4th argument (
    trustpassword
    ): The password used for the Java truststore file.
    IMPORTANT:
    Do not use the word “password” as a password for generating keys and certificates.
  • FTASecurity and DataView installed on different machines
    1. Go to the machine where FTASecurity is installed and execute the following command to generate the certificates with DataView hostname (FQDN):
      create-certificate.cmd <DataView_hostname (FQDN) > <ca-secret-password> <keypass> <trustpass>
    2. Copy the
      <DataView_hostname (FQDN)>.p12
      and
      truststore.jks
      files generated in FTASecurity machine to the DataView machine and configure DataView with the copied
      <DataView_hostname (FQDN)>.p12
      and
      truststore.jks
      files.
    Refer to Table 1 for the list of the supported special characters that can be used to create the certificates.
Provide Feedback
Have questions or feedback about this documentation? Please submit your feedback here.