Create Certificate Authority

The certificate authority must be the same for security and the webapp (truststore).
The keystore files are generated from the certificate authority and must be named with the FQDN.
After the configuration is complete, the user needs to create the CA using the create-ca script. This script takes one argument, which is the password used to encrypt the private key for the CA. Write down this key somewhere for future reference.
IMPORTANT:
Ensure that proper permissions are provided to access certificates folder.
  1. Create the certificates with fta-security user.
  2. This script only needs to be run one time. Once the CA is created, the user can generate and sign many certificates. Each time the script is executed, it checks whether a CA has already been created and quits early if one exists.
    $ cd /opt/rockwell/fta-security/private-CA
    $ ./create-ca.sh <ca-secret-password>
    IMPORTANT:
    Do not use the word “password” as a password for generating keys and certificates.
The following table contains a list of the supported special characters that can be used to create a password for the certificates:
Supported Special Characters
~
}
]
@
*
+
/
?
:
.
_
%
^
-
NOTE:
Combinations of 3 supported special characters in a consecutive pattern may cause unexpected results. For example: ${}
The following table contains a list of the unsupported special characters that cannot be used to create a password for the certificates:
Unsupported Special Characters
|
<
>
&
!
\
$
{
[
"
'
`
=
;
blank
#
(
)
,
This command will create the directory for the CA and the certs. Refer to Table A-3.
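The password rules above can be checked before create-ca.sh is run. The following is an added example, not part of the product or its scripts: the function name check_ca_password and its exit codes are hypothetical, and it assumes that ASCII letters and digits are accepted, that "password" is matched case-insensitively, and that a run of three supported special characters should be rejected outright.

```shell
# Added example: pre-check a candidate CA password against the character
# rules on this page before handing it to create-ca.sh.
# Assumptions: ASCII letters and digits are accepted; "password" is matched
# case-insensitively; a run of three supported specials is rejected.
check_ca_password() (
    pw=$1
    LC_ALL=C    # make A-Z, a-z, 0-9 plain ASCII ranges
    # Anything outside letters, digits and the supported specials.
    # Every character in the unsupported table (blank included) lands here.
    unsupported='[!]A-Za-z0-9~}@*+/?:._%^-]'
    # One supported special character: ~ } ] @ * + / ? : . _ % ^ -
    special='[]~}@*+/?:._%^-]'

    if [ -z "$pw" ]; then
        echo "rejected: empty password" >&2; exit 1
    fi
    lower=$(printf '%s' "$pw" | tr 'A-Z' 'a-z')
    if [ "$lower" = "password" ]; then
        echo 'rejected: the word "password" is not allowed' >&2; exit 1
    fi
    case $pw in
        *$unsupported*)
            echo "rejected: contains an unsupported character" >&2; exit 2 ;;
        *$special$special$special*)
            echo "rejected: three consecutive special characters" >&2; exit 3 ;;
    esac
    exit 0
)

# Usage in bash (as the fta-security user, from the private-CA directory):
#   read -r -s -p 'CA password: ' pw; echo
#   check_ca_password "$pw" && ./create-ca.sh "$pw"
```

Passing the password as a quoted variable, as in the usage comment, keeps it out of the shell history file that a literal typed on the command line would be written to.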