Create TLS Certificates

About this task

You can obtain certificates from a certificate authority, or you can create your own with openssl using the following steps:

Procedure

  1. Generate root CA private key PEM file:
    openssl genrsa -out rootCA.key.pem
  2. Create a self-signed root CA certificate in a PEM file:
    openssl req -new -x509 -key rootCA.key.pem -subj "/C=US/ST=Kansas/L=Olathe/O=HCL/OU=OneDB" -days 3650 -out rootCA.cert.pem
  3. Generate server private key:
    openssl genrsa -out server.key.pem 
  4. Generate a certificate signing request (CSR) for OneDB Server:
    openssl req -new -key server.key.pem -subj "/C=US/ST=Kansas/L=Olathe/O=HCL/OU=OneDB/CN=Server/emailAddress=onedb@hcl.com" -out server.req.pem
  5. Sign certificate with root CA:
    openssl x509 -req -inform PEM -in server.req.pem -set_serial 1 -CA rootCA.cert.pem -CAkey rootCA.key.pem -days 3650 -extensions usr_cert -outform PEM -out server.cert.pem
  6. Convert rootCA.cert.pem to base64 -> tlscacert:
    base64 rootCA.cert.pem -w 0 > tlscacert 
  7. Convert server.cert.pem to base64 -> tlscert:
    base64 server.cert.pem -w 0 > tlscert
  8. Convert server.key.pem to base64 -> tlskey:
    base64 server.key.pem -w 0 > tlskey
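
Before loading the files into the server, it is worth confirming that the eight steps produced a consistent set. The script below is an added example, not part of the original procedure; the function names check_tls_files and check_b64 are hypothetical, and the file names are the ones used in the steps above.

```shell
#!/bin/sh
# Added example: sanity-check the files produced by steps 1-8.
# check_tls_files and check_b64 are hypothetical helper names.
# Note: base64 is an encoding, not encryption. tlskey is exactly as
# sensitive as server.key.pem and needs the same access restrictions.

# check_b64 <encoded> <pem>: the encoded file must be one unwrapped
# base64 line (as written by "base64 -w 0") that decodes to the PEM file.
check_b64() {
    [ "$(wc -l < "$1")" -eq 0 ] \
        || { echo "FAIL: $1 contains line breaks" >&2; return 1; }
    base64 -d "$1" | cmp -s - "$2" \
        || { echo "FAIL: $1 does not decode to $2" >&2; return 1; }
}

check_tls_files() {
    dir=${1:-.}
    # 1. The server certificate must chain to the root CA.
    openssl verify -CAfile "$dir/rootCA.cert.pem" "$dir/server.cert.pem" \
        >/dev/null 2>&1 \
        || { echo "FAIL: server.cert.pem not signed by rootCA.cert.pem" >&2; return 1; }
    # 2. The certificate must carry the public half of server.key.pem.
    cert_pub=$(openssl x509 -in "$dir/server.cert.pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$dir/server.key.pem" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "FAIL: server.key.pem does not match server.cert.pem" >&2; return 1; }
    # 3. Each base64 file must round-trip to its PEM source.
    check_b64 "$dir/tlscacert" "$dir/rootCA.cert.pem" || return 1
    check_b64 "$dir/tlscert"   "$dir/server.cert.pem" || return 1
    check_b64 "$dir/tlskey"    "$dir/server.key.pem"  || return 1
    echo "OK: certificate chain, key pair and base64 files are consistent"
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then check_tls_files "$1"; fi
```

Save it as a script and pass the directory that holds the generated files as the first argument; a non-zero exit status means one of the three checks failed.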