Create TLS Certificates
About this task
You can obtain certificates from a certificate authority, or you can create your own with openssl using the following steps:
Procedure
- Generate the root CA private key as a PEM file:
  openssl genrsa -out rootCA.key.pem
- Create a self-signed root CA certificate as a PEM file:
  openssl req -new -x509 -key rootCA.key.pem -subj "/C=US/ST=Kansas/L=Olathe/O=HCL/OU=OneDB" -days 3650 -out rootCA.cert.pem
- Generate the server private key:
  openssl genrsa -out server.key.pem
- Generate a certificate signing request (CSR) for the OneDB Server:
  openssl req -new -key server.key.pem -subj "/C=US/ST=Kansas/L=Olathe/O=HCL/OU=OneDB/CN=Server/emailAddress=onedb@hcl.com" -out server.req.pem
- Sign the server certificate with the root CA:
  openssl x509 -req -inform PEM -in server.req.pem -set_serial 1 -CA rootCA.cert.pem -CAkey rootCA.key.pem -days 3650 -extensions usr_cert -outform PEM -out server.cert.pem
- Convert rootCA.cert.pem to base64 and save it as tlscacert:
  base64 rootCA.cert.pem -w 0 > tlscacert
- Convert server.cert.pem to base64 and save it as tlscert:
  base64 server.cert.pem -w 0 > tlscert
- Convert server.key.pem to base64 and save it as tlskey:
  base64 server.key.pem -w 0 > tlskey
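
A check to run after the last step, as an added example that is not part of the original procedure: it confirms that server.cert.pem verifies against rootCA.cert.pem, that server.key.pem matches the certificate, and that each base64 file is a single-line copy of its PEM source. The function names are illustrative, and GNU base64 is assumed, as in the steps above.

```shell
# Added example (not part of the OneDB procedure). Function names are
# illustrative; file names are the ones created by the steps on this page.
# Assumes openssl, cmp and GNU base64 are on PATH.

# True if $1 is a single-line base64 file that decodes exactly to $2.
same_bytes() {
    [ -f "$1" ] && [ "$(wc -l < "$1")" -eq 0 ] &&
        base64 -d "$1" 2>/dev/null | cmp -s - "$2"
}

# Usage: check_tls_material DIR ; returns 0 only if every check passes.
check_tls_material() {
    local d="${1:-.}" rc=0 cert_pub key_pub pair

    # 1. The server certificate must chain to the root CA.
    openssl verify -CAfile "$d/rootCA.cert.pem" "$d/server.cert.pem" \
        >/dev/null 2>&1 ||
        { echo "FAIL: server.cert.pem does not verify against rootCA.cert.pem"; rc=1; }

    # 2. Certificate and private key must carry the same public key.
    cert_pub=$(openssl x509 -in "$d/server.cert.pem" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$d/server.key.pem" -pubout 2>/dev/null)
    { [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; } ||
        { echo "FAIL: server.key.pem does not match server.cert.pem"; rc=1; }

    # 3. The certificate must not already be expired.
    openssl x509 -in "$d/server.cert.pem" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: server.cert.pem has expired"; rc=1; }

    # 4. Each base64 file must be one line and decode to its PEM source.
    for pair in tlscacert:rootCA.cert.pem tlscert:server.cert.pem \
                tlskey:server.key.pem; do
        same_bytes "$d/${pair%%:*}" "$d/${pair#*:}" ||
            { echo "FAIL: ${pair%%:*} is not a single-line base64 copy of ${pair#*:}"; rc=1; }
    done

    [ "$rc" -eq 0 ] && echo "OK: TLS material in $d is consistent"
    return "$rc"
}
```

Source the file and run `check_tls_material .` in the directory that holds the generated files; each failed check prints one FAIL line and the function returns non-zero.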