Implementing TLS Security in a PowerExchange Network

Step 3C. Create Personal Certificates on Linux, UNIX or Windows

To create a personal certificate, issue the OpenSSL req command to generate a private key and a certificate request, issue the OpenSSL x509 command to sign the request with the CA key, and then concatenate the resulting certificate and private key files into one file.
Alternatively, you can create a personal certificate by using one of the following methods:
  • Export an existing Windows certificate, and convert it to .pem format by using OpenSSL.
  • Generate a personal certificate on the z/OS system by using RACF and export the certificate to the Linux, UNIX, or Windows system. Then convert the certificate to the .pem format by using OpenSSL or the PWXUSSL utility.
  1. If the OpenSSL program is not running, enter the following command at the command prompt to start the program:
    openssl
    The OpenSSL> prompt appears.
  2. To generate a private key and a request for a personal certificate, issue the following OpenSSL req command:
    OpenSSL> req -newkey rsa:2048 -digest -keyout personalkey.pem -out personalreq.pem
    Options:
    -newkey rsa:2048
    Requests a new certificate request and a 2048-bit RSA private key.
    -digest
    Specifies the message digest used to sign the request, for example -sha256. Replace digest with the name of a digest that OpenSSL supports; to list them, use the list -digest-commands command. A value specified in this option overrides the message digest specified in the OpenSSL configuration file. Current OpenSSL releases default to SHA-256. Do not use MD5 or SHA-1, which are no longer acceptable for certificate signatures.
    -keyout personalkey.pem
    Specifies the name of the file to which the private key for the personal certificate is written.
    -out personalreq.pem
    Specifies the name of the file to which the certificate request for the personal certificate is written.
  3. At the Enter PEM pass phrase prompt, enter a new passphrase for the personal private key, and enter it again at the verification prompt. The req command encrypts personalkey.pem with this passphrase. You will specify this passphrase in the PASS parameter of the SSL statement in the DBMOVER configuration file.
  4. Do not reuse the passphrase of the CA private key for the personal key. The CA passphrase is requested separately in step 6, when the x509 command reads rootkey.pem to sign the request.
  5. Respond to the series of prompts that OpenSSL displays. You can use the same responses that you provided for the CA certificate request.
  6. To generate a personal certificate, issue the following OpenSSL x509 command:
    OpenSSL> x509 -req -in personalreq.pem -digest -CA rootcert.pem -CAkey rootkey.pem -CAcreateserial -out personalcert.pem -days 999
    When prompted, enter the passphrase of the CA private key, rootkey.pem.
    Options:
    -req
    Specifies that the input is a certificate request rather than a certificate.
    -in personalreq.pem
    Specifies the name of the input certificate request file that you created in step 2.
    -digest
    Specifies the message digest used to sign the certificate, for example -sha256. The same guidance as for the -digest option in step 2 applies: use SHA-256 or stronger.
    -CA rootcert.pem
    Specifies the name of the file that contains the CA root certificate that you created when you set up the CA.
    -CAkey rootkey.pem
    Specifies the CA private key that you created together with the CA certificate. This key signs the personal certificate.
    -CAcreateserial
    Creates the CA serial number file, rootcert.srl, if it does not exist. If the file exists, OpenSSL reads the next serial number from it and increments it. Keep this file with the CA key and reuse it for every certificate the CA signs, so that no two certificates share a serial number.
    -out personalcert.pem
    Specifies the name of the file to which the personal certificate is written.
    -days days
    Specifies the number of days before the certificate expires, from 1 to 999. Default is 30.
  7. Concatenate the personal certificate and the personal key into a single file.
    On Windows, enter the following command:
    type personalcert.pem personalkey.pem > personalcertkey.pem
    On Linux or UNIX, enter the following command:
    cat personalcert.pem personalkey.pem > personalcertkey.pem
    This step creates the file personalcertkey.pem, which contains the certificate followed by the encrypted private key. Specify this file name in the KEY parameter of the SSL statement in the DBMOVER configuration file. Because the file contains the private key, restrict read access to the account under which PowerExchange runs, for example with chmod 600 personalcertkey.pem on Linux or UNIX.
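The procedure in steps 1 through 7, run non-interactively as a shell script. This is an added example and is not part of the PowerExchange documentation. It assumes a Linux or UNIX host with the openssl command on the PATH. Because the CA certificate and key come from an earlier step, the script first creates a throwaway CA under the same file names (rootcert.pem, rootkey.pem); -sha256 stands in for the -digest placeholder, -subj and -passout/-passin replace the interactive prompts, and the subject names and passphrases are placeholders. The verify function adds the checks worth running before pointing the DBMOVER KEY and PASS parameters at the output: the certificate chains to the CA, the key in the combined file decrypts with the passphrase, and that key matches the certificate's public key.

```shell
#!/bin/sh
# Added example (not from the PowerExchange documentation): steps 1-7 of the
# procedure above, run non-interactively. Assumes openssl on the PATH.
set -eu

# Build rootcert.pem/rootkey.pem (stand-in for the CA made in an earlier step),
# personalkey.pem, personalreq.pem, personalcert.pem and personalcertkey.pem in $1.
# $2 is the CA key passphrase, $3 the personal key passphrase (the DBMOVER PASS value).
make_personal_cert() {
    dir=$1; capass=$2; keypass=$3
    mkdir -p "$dir"

    # Throwaway CA. In the real procedure these two files already exist.
    openssl req -x509 -newkey rsa:2048 -sha256 -days 999 \
        -subj "/CN=Example PowerExchange CA" -passout "pass:$capass" \
        -keyout "$dir/rootkey.pem" -out "$dir/rootcert.pem" 2>/dev/null

    # Step 2: private key plus certificate request. -sha256 replaces the -digest
    # placeholder, -subj the DN prompts, -passout the PEM pass phrase prompt.
    openssl req -newkey rsa:2048 -sha256 \
        -subj "/CN=pwxlistener.example.test" -passout "pass:$keypass" \
        -keyout "$dir/personalkey.pem" -out "$dir/personalreq.pem" 2>/dev/null

    # Step 6: sign the request with the CA key. -passin supplies the CA passphrase
    # that the interactive command asks for; -CAcreateserial writes rootcert.srl.
    openssl x509 -req -in "$dir/personalreq.pem" -sha256 \
        -CA "$dir/rootcert.pem" -CAkey "$dir/rootkey.pem" -passin "pass:$capass" \
        -CAcreateserial -out "$dir/personalcert.pem" -days 999 2>/dev/null

    # Step 7: certificate first, then the encrypted key. The result holds a
    # private key, so create it unreadable to other users (the umask is scoped
    # to the subshell).
    (umask 077; cat "$dir/personalcert.pem" "$dir/personalkey.pem" > "$dir/personalcertkey.pem")
}

# Checks to run before configuring KEY=personalcertkey.pem and PASS=<keypass>:
# the certificate verifies against the CA, the key in the combined file opens
# with the passphrase, and its public key equals the certificate's public key.
# Returns 0 when all three hold.
verify_personal_cert() {
    dir=$1; keypass=$2
    openssl verify -CAfile "$dir/rootcert.pem" "$dir/personalcert.pem" >/dev/null || return 1
    certpub=$(openssl x509 -in "$dir/personalcertkey.pem" -noout -pubkey) || return 1
    keypub=$(openssl pkey -in "$dir/personalcertkey.pem" -passin "pass:$keypass" -pubout 2>/dev/null) || return 1
    [ -n "$certpub" ] && [ "$certpub" = "$keypub" ]
}

# Usage: CA_PASS=<ca passphrase> KEY_PASS=<personal key passphrase> sh this.sh [outdir]
if [ -n "${CA_PASS:-}" ] && [ -n "${KEY_PASS:-}" ]; then
    make_personal_cert "${1:-./pwxcerts}" "$CA_PASS" "$KEY_PASS"
    verify_personal_cert "${1:-./pwxcerts}" "$KEY_PASS" && echo "personalcertkey.pem verified"
fi
```

The passphrases are passed with pass: sources only to keep the example self-contained; on a shared host prefer -passout file:... or env: sources so that the passphrase does not appear in the process list or shell history.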
