Generating a Self-Signed Certificate
To generate a self-signed certificate (cert.pem
) from a certificate request file (cert.csr
), perform the following steps:
- Create a Certificate Signing Request (
cert.csr
). - Create a certificate file (
cert.pem
) from your private key (nopwdkey.pem
) and certificate request file (cert.csr
) using the following command (valid for 365 days):openssl x509 -in cert.csr -out cert.pem -req -signkey nopwdkey.pem -days 365
Important: If you want to specify both the certificate and the private key files in the REST API HTTPS configuration, skip the following steps and see REST API HTTPS Settings. - Open up your private key file
nopwdkey.pem
in WordPad. - Copy the contents and paste them below the certificate in
cert.pem
, as in the following example:-----BEGIN CERTIFICATE----- MIICYjCCAcugAwIBAgIJANiRLK2nbg9oMA0GCSqGSIb3DQEBBQUAMEoxCzAJBgNV BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRMwEQYDVQQHDApFbWVyeXZpbGxl MREwDwYDVQQDDAhIRUlNREFMTDAeFw0xMjAzMTUwMjA5MzdaFw0xMzAzMTUwMjA5 MzdaMEoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRMwEQYDVQQH DApFbWVyeXZpbGxlMREwDwYDVQQDDAhIRUlNREFMTDCBnzANBgkqhkiG9w0BAQEF AAOBjQAwgYkCgYEA5h5aCcN5Up5rNYn7a88dKAehe7CbKDtPF6jdrn52yShJc97f mceJeIsnkVmBVRoIBevxFnNIKxMzzR52c0NKK2gU0ax2k6TWD8yVOHHFepBgcCyF JD9y9g5u444+7S5vsXRpmAx7z3HYHHh9Jjiv7zLoN46Mu+7KpnZnJgFX0QcCAwEA AaNQME4wHQYDVR0OBBYEFHJXtkgif6mZzQBcrp7U7yptf/WzMB8GA1UdIwQYMBaA FHJXtkgif6mZzQBcrp7U7yptf/WzMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF BQADgYEARkkc8GmyFtuXsWmjvkUJvRkGJYiQ7LsO5Qg67ONcMr/beJDXsOR3w3lD cDqCglnQuswNySrcAGDPctDJwE2cZbcvpVdNlUd1UdXnbzHAjg/buh6Uy5OYYc0y NtbcKlPpgxvBp6cGua7K01bMeb379vXLNr1EcQG9KmlkHYqqJpU= -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAOYeWgnDeVKeazWJ +2vPHSgHoXuwmyg7Txeo3a5+dskoSXPe35nHiXiLJ5FZgVUaCAXr8RZzSCsTM80e dnNDSitoFNGsdpOk1g/MlThxxXqQYHAshSQ/cvYObuOOPu0ub7F0aZgMe89x2Bx4 fSY4r+8y6DeOjLvuyqZ2ZyYBV9EHAgMBAAECgYEAh2Jh/I6JaUcUsgn85l+SusNK iTfNAO1ryfKqgYeboRtXo5kDGjkfstDDtargAU5wW/OFAn1OfzEr78i1TXjQP/2h 1ntvOobYeEsRFBlVdoC361GHKoSWMMbrymx75XIRmdW3cIHOSlpHfr2RA9WZfA2R tn8gtITQNKed0uFyBskCQQD6IeYaxWegfoJwpcAmlTlYfyKXdSL9/DGsG+uhAIhU pUWPwsH/uHR8/61wQ9coH1NEy2bVRT0qha1s9CvHA0OFAkEA64RD4t5oQcA+Q/2o TtfYD3MB0NQJVL2KwJaW9hr4+osMQWJSSXTQuymMcd3tLJaS3eg0DVIsg0pO0GYx bVKKGwJANF9IqK5QhkA225M46lswSKFGAuRZ0UgutlSaP3m3EdIRAIrMx9g9O7bk /66UrCfy7WKRQ3Jd3jtjFn8Bc4fxaQJBALCVoRjPTThPXeA4piNHbvZWcrwS31Qs MYao4lNwcdHYw72abLwq2/4Y7vbJQPU3iLLdUXnTbRCbfHCAzvp68pUCQQDX7iVR Wjd9qVlgtR/6wxAQjSHSmlCyTfHA0ncVNzjEjZzA3FiCNq+gHFkBc6Kr4FxfNWCm aoyVGYxl1LT+VHJA -----END PRIVATE KEY-----
- Refer to
cert.pem
on your BigFix server in the certificate path registry setting as described in REST API HTTPS Settings.