Create
and Sign Certificates
Use the create-certificate
script to create signed certificates using the CA. User can use
this script to generate:
- Multiple certificates for multiple host machines.
- New certificates used for certificate rotation.
- Execute the following command create signed certificates using the CA. The create-certificate script takes four arguments:$ ./create-certificate.sh <host1.acme-widgets.com> <ca-secret-password> <key-password> <trust-password>
- 1st argument (host1.acme-widgets.com): The fully qualified domain name (FQDN) for the server for which the certificate is being created. The FQDN is used as the file base name for all of the output files related to the certificate.
- 2nd argument (ca-secret-password): The password used to encrypt the private key for the CA (see create-ca).
- 3rd argument (keypass): The password to use for the certificate private key and the Java keystore file.
- 4th argument (trustpass): The password to use for the Java truststore file.
Refer to Table 1‑3 for supported special characters that can be used to create a password for the certificates.
This command will create the directory for
the CA and the certs. Refer to Table A- 4.
- Execute the following command to logout the 'fta-security' user:$ exit
Provide Feedback