Table of Contents

Search

  1. Preface
  2. Introduction to PowerExchange
  3. DBMOVER Configuration File
  4. Netport Jobs
  5. PowerExchange Message Logs and Destination Overrides
  6. SMF Statistics Logging and Reporting
  7. PowerExchange Security
  8. Secure Sockets Layer Support
  9. PowerExchange Alternative Network Security
  10. PowerExchange Nonrelational SQL
  11. PowerExchange Globalization
  12. Using the PowerExchange ODBC Drivers
  13. PowerExchange Datatypes and Conversion Matrix
  14. Appendix A: DTL__CAPXTIMESTAMP Time Stamps
  15. Appendix B: PowerExchange Glossary

Creating a CA Certificate with OpenSSL

Creating a CA Certificate with OpenSSL

Create a CA certificate that you can use to sign personal certificates on Linux, UNIX, or Windows.
If you have a CA certificate that you can use to sign personal certificates, skip this step.
  1. At the command prompt, enter the following command:
    openssl
    The OpenSSL> prompt appears.
  2. To generate a private key and a request for a CA certificate, issue the OpenSSL req command:
    OpenSSL> req -newkey rsa:2048 -sha1 -keyout
    rootkey
    .pem -out
    rootreq
    .pem
    -newkey rsa:2048
    Requests a new certificate request and a 2048-bit RSA private key.
    -sha256
    Specifies to use the SHA-256 hash function to sign the request.
    -keyout
    rootkey
    .pem
    File name to which to write the private key for the CA certificate.
    -out
    rootreq
    .pem
    File name to which to write the certificate request for the CA certificate.
  3. Respond to the series of prompts that OpenSSL displays.
    For most prompts, you can accept the default. For Common Name, you can use the server name.
  4. To generate a public CA certificate, issue the OpenSSL x509 command:
    OpenSSL> x509 -req -in
    rootreq
    .pem -sha1 -extensions V3_CA -signkey
    rootkey
    .pem -out
    rootcert
    .pem
    -req
    Specifies that the input is a certificate request, rather than a certificate.
    -in
    rootreq
    .pem
    Name of the input certificate request file that you created in the previous step.
    -sha256
    Specifies to use the SHA-256 hash function to sign the request.
    -extensions V3_CA
    Specifies V3_CA as the section to add certificate extensions from. Use this option to convert a certificate request into a self signed certificate using extensions for a CA.
    -signkey
    rootkey
    .pem
    Specifies to use the private key that you created in the previous step to sign this certificate.
    -out
    rootcert
    .pem
    File name to which to write the CA certificate. If you require authentication, you can specify this value for the CALIST parameter of the SSL statement in the DBMOVER file.