Creating a self-signed security certificate
If your organization does not have its own security certificate or if you cannot gain access to a copy of it, use this procedure to generate a self-signed security certificate.
Follow these steps:
- Log in to the Control Center master host as root or as a user with superuser privileges.
- Create a temporary directory for the new certificates and change to it.
mkdir /tmp/certUpdate && cd /tmp/certUpdate
- Create a variable for the domain name of the Control Center master host.
Replace <FQDN> with the fully-qualified domain name of the host:
CERT_FQDN="<FQDN>"
- Create additional variables for the location and name of your organization.
Replace the items in angle brackets with appropriate values:
CERT_COUNTRY="<Country>"
CERT_STATE="<StateOrProvince>"
CERT_LOCATION="<City>"
CERT_ORG="<OrganizationName>"
- Create a variable for the number of days until the certificate expires.
Replace <Days> with a numeric value; for example, 1825 (5 years):
CERT_EXP="<Days>"
- Create a certificate configuration file.
Use your pointer to copy the following text, and then paste it into your terminal session.
cat <<EOF > cert.cnf
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = $CERT_COUNTRY
ST = $CERT_STATE
L = $CERT_LOCATION
O = $CERT_ORG
CN = $CERT_FQDN
[v3_req]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
basicConstraints = CA:TRUE
subjectAltName = @alt_names
[alt_names]
DNS.1 = $CERT_FQDN
DNS.2 = *.$CERT_FQDN
## add DNS.? entries as desired here
EOF
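- Create a certificate. The command also writes the private key to $CERT_FQDN.key; because of the -nodes option, the key is not passphrase-protected.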
openssl req -x509 -newkey rsa:4096 -nodes -config ./cert.cnf -keyout $CERT_FQDN.key -out $CERT_FQDN.crt -days $CERT_EXP
- Verify the certificate.
openssl x509 -in ./$CERT_FQDN.crt -text -noout
- Install the certificate for Control Center use.
For more information, see Optional: Installing a security certificate.
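The verification step above only displays the certificate. As an added example (not part of the original procedure), the following shell function checks the generated files before installation: host name coverage, key and certificate match, expiry, and key file permissions. The names check_cert and selftest, the 30-day threshold, and the sample host cc.example.test are assumptions.

```sh
# Added example, not from the Control Center documentation. The function
# names check_cert and selftest are hypothetical.
check_cert() {  # usage: check_cert <crt> <key> <fqdn>
    crt=$1; key=$2; fqdn=$3; rc=0
    # 1. The host name clients use must be covered by a subjectAltName entry.
    openssl x509 -in "$crt" -noout -checkhost "$fqdn" | grep -q 'does match' ||
        { echo "FAIL: $fqdn is not covered by $crt"; rc=1; }
    # 2. The private key must belong to the certificate (same public key).
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout)
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ] ||
        { echo "FAIL: $key does not match $crt"; rc=1; }
    # 3. The certificate must not expire within the next 30 days.
    openssl x509 -in "$crt" -noout -checkend $((30 * 86400)) >/dev/null ||
        { echo "FAIL: $crt expires within 30 days"; rc=1; }
    # 4. -nodes leaves the key unencrypted: group and others get no access.
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
        { echo "FAIL: $key is accessible to group or others"; rc=1; }
    return $rc
}

# Constructed sample: a throwaway 2048-bit pair for cc.example.test, built
# with a shortened version of the cert.cnf layout from the procedure.
selftest() {
    dir=$(mktemp -d) || return 1
    name=cc.example.test
    cat > "$dir/cert.cnf" <<EOF
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
CN = $name
[v3_req]
basicConstraints = CA:TRUE
subjectAltName = @alt_names
[alt_names]
DNS.1 = $name
DNS.2 = *.$name
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -config "$dir/cert.cnf" \
        -keyout "$dir/$name.key" -out "$dir/$name.crt" -days 365 2>/dev/null
    chmod 600 "$dir/$name.key"
    check_cert "$dir/$name.crt" "$dir/$name.key" "$name"; good=$?
    chmod 644 "$dir/$name.key"
    check_cert "$dir/$name.crt" "$dir/$name.key" other.example.test >/dev/null; bad=$?
    rm -rf "$dir"
    [ "$good" -eq 0 ] && [ "$bad" -ne 0 ]
}
```

From /tmp/certUpdate, run check_cert "./$CERT_FQDN.crt" "./$CERT_FQDN.key" "$CERT_FQDN"; it prints nothing and returns 0 when all four checks pass. selftest exercises the same checks on a throwaway pair, once with a correct setup and once with a loosened key mode and a host name the certificate does not cover.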