Create Certificate Authority
The certificate authority must be the same for security and the webapp (truststore). The keystore files are generated from the certificate authority and must be named with the FQDN.
After the configuration is complete, the user needs to create the CA using the create-ca script. This script takes one argument, which is the password used to encrypt the private key for the CA. Write down this password somewhere for future reference.
IMPORTANT: Ensure that proper permissions are provided to access the certificates folder.
- Create the certificates with the fta-security user.
- This script only needs to be run one time. Once the CA is created, the user can generate and sign many certificates. Each time the script is executed, it checks whether a CA has been created and quits early if one already exists.

$ cd /opt/rockwell/fta-security/private-CA
$ ./create-ca.sh <ca-secret-password>

IMPORTANT: Do not use the word “password” as a password for generating keys and certificates.
The following table contains a list of the supported special characters that can be used to create a password for the certificates:

~  }  ]  @  *  +  /
?  :  .  _  %  ^  -
NOTE: Combinations of 3 supported special characters in a consecutive pattern may cause unexpected results. For example: ${}
The following table contains a list of the unsupported special characters that cannot be used to create a password for the certificates:

|  <  >  &  !  \  $
{  [  "  '  `  =  ;
blank  #  (  )  ,
This command will create the directory for the CA and the certs. Refer to Table A-3.
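
A candidate CA password can be checked against the two character tables and the NOTE above before it is passed to create-ca.sh. The following is an added example, not part of the product or its scripts. The function name check_ca_password, its return codes, the case-insensitive match on "password", and the rule that letters and digits are accepted while anything not in the supported table is rejected are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-check a candidate CA password against the character
# tables on this page. Not part of the product's scripts.
# Assumptions: letters and digits are accepted; any character missing from
# the "supported" table is rejected; "password" is matched case-insensitively;
# the return codes (1, 2, 3) are this example's own.

SUPPORTED_SPECIALS='~}]@*+/?:._%^-'   # the 14 supported characters ('-' last for tr)

check_ca_password() {
    pw=$1
    if [ -z "$pw" ]; then
        echo "rejected: empty password" >&2; return 1
    fi
    lower=$(printf '%s' "$pw" | LC_ALL=C tr 'A-Z' 'a-z')
    if [ "$lower" = "password" ]; then
        echo "rejected: the word 'password' must not be used" >&2; return 1
    fi
    # Delete every allowed byte; whatever is left is in the unsupported
    # table (or is not listed on the page at all).
    bad=$(( $(printf '%s' "$pw" | LC_ALL=C tr -d "A-Za-z0-9$SUPPORTED_SPECIALS" | wc -c) ))
    if [ "$bad" -ne 0 ]; then
        echo "rejected: $bad unsupported character(s)" >&2; return 2
    fi
    # Page NOTE: 3 special characters in a row may cause unexpected results.
    # After the check above, every non-alphanumeric byte is a supported special.
    if printf '%s\n' "$pw" | LC_ALL=C grep -Eq '[^A-Za-z0-9]{3}'; then
        echo "rejected: 3 consecutive special characters" >&2; return 3
    fi
    return 0
}

# Constructed sample passwords (not real credentials) to show each outcome.
for p in 'Str0ng_Pass.2024' 'password' 'abc$def' 'abc~}]def'; do
    if check_ca_password "$p" 2>/dev/null; then
        echo "ok:       $p"
    else
        echo "rejected: $p (code $?)"
    fi
done
```

Single-quote the candidate when calling check_ca_password so the shell passes it through unexpanded. Because create-ca.sh takes the password as a command-line argument, it can end up in shell history and is visible in the process list while the script runs.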