Create and Sign Certificates

Use the create-certificate script to create signed certificates using the CA. User can use this script to generate:
  • Multiple certificates for multiple host machines.
  • New certificates used for certificate rotation.
  1. Execute the following command create signed certificates using the CA. The create-certificate script takes four arguments:
    $ ./create-certificate.sh <host1.acme-widgets.com> <ca-secret-password> <key-password> <trust-password>
    • 1st argument (host1.acme-widgets.com): The fully qualified domain name (FQDN) for the server for which the certificate is being created. The FQDN is used as the file base name for all of the output files related to the certificate.
    • 2nd argument (ca-secret-password): The password used to encrypt the private key for the CA (see create-ca).
    • 3rd argument (keypass): The password to use for the certificate private key and the Java keystore file.
    • 4th argument (trustpass): The password to use for the Java truststore file.
    Refer to Table 1‑3 for supported special characters that can be used to create a password for the certificates.
This command will create the directory for the CA and the certs. Refer to Table A- 4.
  1. Execute the following command to logout the 'fta-security' user:
    $ exit
Provide Feedback
Have questions or feedback about this documentation? Please submit your feedback here.