Implementing TLS Security in a PowerExchange Network

Step 3B. Create CA Certificates on Linux, UNIX, or Windows

Create a CA certificate that you can use to sign personal certificates on Linux, UNIX, or Windows.
If you already have a CA certificate that you can use to sign personal certificates, skip this step.
  1. At the command prompt, enter the following command:
    openssl
    The OpenSSL> prompt appears.
  2. To generate a private key and a request for a CA certificate, issue the OpenSSL req command:
    OpenSSL> req -newkey rsa:2048 -digest -keyout rootkey.pem -out rootreq.pem
    Options:
    -newkey rsa:2048
    Requests a new certificate request and a 2048-bit RSA private key.
    -digest
    Specifies the message digest used to sign the request. A value specified in this option overrides the message digest specified in the configuration file, unless a public key algorithm is configured that overrides this choice. For example, a DSA signature will always use an SHA1 digest. The generic name
    dgst
    can also be specified. The default digest is SHA256. To see a list of supported algorithms, use the
    list --digest-commands
    command.
    -keyout rootkey.pem
    Specifies the name of a file to which the private key for the CA certificate is written.
    -out rootreq.pem
    Specifies the name of a file to which the certificate request for the CA certificate is written.
  3. Respond to the series of prompts that OpenSSL displays.
    For most prompts, you can accept the default. For Common Name, you can use the server name.
  4. To generate a public CA certificate, issue the OpenSSL x509 command:
    OpenSSL> x509 -req -in rootreq.pem -digest -extensions V3_CA -signkey rootkey.pem -out rootcert.pem -days 999
    Options:
    -req
    Specifies that the input is a certificate request rather than a certificate.
    -in rootreq.pem
    Specifies the name of the input certificate request file that you created in step 2.
    -digest
    Specifies the message digest used to sign the request. A value specified in this option overrides the message digest specified in the configuration file, unless a public key algorithm is configured that overrides this choice. For example, a DSA signature will always use an SHA1 digest. The generic name
    dgst
    can also be specified. The default digest is SHA256. To see a list of supported algorithms, use the
    list --digest-commands
    command.
    -extensions V3_CA
    Specifies V3_CA as the section from which to add certificate extensions. Use this option to convert a certificate request into a self-signed certificate by using extensions for a CA.
    -signkey rootkey.pem
    Specifies use of the private key that you created in step 2 to sign this certificate.
    -out rootcert.pem
    Specifies the name of the file to which the CA certificate is written. If you require authentication, specify this value for the CALIST parameter of the SSL statement in the DBMOVER file.
    -days
    Specifies the number of days before the certificate expires, from 1 to 999. Default is 30.
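The same two OpenSSL steps run unattended, as an added example that is not part of the PowerExchange documentation: it uses sha256 for the -digest placeholder, supplies the CA extensions from an inline file instead of the V3_CA section of the system openssl.cnf, and assumes a working directory argument, a constructed Common Name, and the file names rootkey.pem, rootreq.pem and rootcert.pem from the steps above. The check_ca function is also an addition; it confirms the result is usable as a trust anchor before you point CALIST at it.

```shell
#!/bin/sh
# Added example (not from the PowerExchange documentation).
set -eu

make_ca() {
  dir=$1
  cn=${2:-example-ca}   # constructed Common Name; the page suggests the server name
  mkdir -p "$dir"

  # CA extensions written inline so the run does not depend on a V3_CA
  # section existing in the system openssl.cnf. basicConstraints must be
  # CA:TRUE or peers will not accept rootcert.pem as a signing authority.
  cat > "$dir/ca_ext.cnf" <<'EOF'
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF

  # Step 2: 2048-bit RSA key plus certificate request. -sha256 is the concrete
  # value for the page's -digest placeholder. -nodes leaves the key unencrypted
  # so the script runs without prompts; omit it to set a passphrase on the CA key.
  openssl req -new -newkey rsa:2048 -sha256 -nodes \
      -subj "/CN=$cn" \
      -keyout "$dir/rootkey.pem" -out "$dir/rootreq.pem" 2>/dev/null

  # Step 4: self-sign the request with the key from step 2, adding the CA
  # extensions; -days 999 is the maximum the page states for PowerExchange.
  openssl x509 -req -in "$dir/rootreq.pem" -sha256 \
      -extfile "$dir/ca_ext.cnf" -extensions v3_ca \
      -signkey "$dir/rootkey.pem" -out "$dir/rootcert.pem" -days 999 2>/dev/null
}

# Checks before rootcert.pem goes into CALIST: the certificate verifies
# against itself as a trust anchor and actually carries the CA:TRUE constraint.
check_ca() {
  dir=$1
  openssl verify -CAfile "$dir/rootcert.pem" "$dir/rootcert.pem" >/dev/null 2>&1 || return 1
  openssl x509 -in "$dir/rootcert.pem" -noout -text | grep -q 'CA:TRUE'
}
```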
