Creating Your Own Certification Authority

About this task

If you are going to use SSL authentication within your company's boundaries and not for outside internet commerce, you might find it simpler to create your own certification authority (CA) to trust all your HCL Workload Automation installations. To do so, follow the steps listed below.
Note: In the following steps, the names of the files created during the process TWS and TWSca are sample names. You can use your own names, but keep the same file extensions.
  1. Choose a workstation as your CA root installation.
  2. Type the following command from the SSL directory to initialize the pseudo random number generator, otherwise subsequent commands might not work.
    • On UNIX:
      $ openssl rand -out TWS.rnd -rand ./openssl 8192
    • On Windows:
      $ openssl rand -out TWS.rnd -rand ./openssl.exe 8192
  3. Type the following command to create the CA private key:
    $ openssl genrsa -out TWSca.key 2048
  4. Type the following command to create a self-signed CA Certificate (X.509 structure):
    $ openssl req -new -x509 -days 365 -key TWSca.key -out TWSca.crt -config ./

Now you have a certification authority that you can use to trust all of your installations. If you want, you can create more than one CA.