openssl-env
Settings
Below are the definitions
for the openssl-env settings:
Fta-setup-env
Setting | Description |
|---|---|
CA_SUBJECT_COMMON_NAME | This is
a descriptive name for the certificate authority. |
SUBJECT_COUNTRY | This is
typically a two character code ISO format country code used to identify
the country where the certificate authority is located. A reference for the valid country codes
can be found at https://www.nationsonline.org/oneworld/country_code_list.htm |
SUBJECT_ORGANIZATION | This is
the name of the organization that owns the certificate authority. |
SUBJECT_STATE | The state
or province for certificate authorities based in the United States
or Canada. |
SUBJECT_LOCALITY | The city
where the organization owning the certificate authority is located. |
SUBJECT_COMMON_NAME | The common
name must contain the domain name used by the certificate authority
and for each of the servers. |
CERT_ROOT_DIRECTORY | By default
the CA and the signed certificates are stored in a directory called
.fta-ca under the user’s home directory.
NOTE:
The root private key should be stored in a secure
place, preferably offline, and access to the key should be limited
to the user signing the certificates. If the key is not secure,
the certificates signed with the key cannot be trusted. |
CA_EXPIRATION_DAYS | The root
keys generated for the CA expire over time. The default expiration
period is 10 years. This can be adjusted as needed. |
OPENSSL | The OPENSSL variable
is used to define the location of the OpenSSL command line tool.
It is required only for running the scripts on Windows. |
Provide Feedback