Data Vault Administrator Guide

Step 1. Create the Certificate Authority Root Key and Certificate

Create the keypair and use the root key to sign the CA certificate.
  1. Create the keypair:
    openssl genrsa -des3 -out <your CA key name> <key length>
    For example:
    openssl genrsa -des3 -out root-ca.key 2048
    Generating RSA private key, 2048 bit long modulus
    ..............++++++
    ..........++++++
    e is 65537 (0x10001)
    Enter pass phrase for root-ca.key:
    Verifying - Enter pass phrase for root-ca.key:
    You are asked for a password, which becomes the CA password, and then asked to enter it again. The output of this command, the file root-ca.key, contains an RSA keypair that is encrypted using the password you supply. To use this key to create new certificates, either host or client, someone needs both this file and the password.
  2. Use the CA root key to sign the CA certificate:
    openssl req -new -x509 -days <days of validity> -key <your CA key name> -out <root CA certificate name> -config <config file name>
    For example:
    openssl req -new -x509 -days 3650 -key root-ca.key -out root-ca.crt -config openssl.cnf
    This command creates a new, self-signed X.509 certificate, valid for ten years, for the keypair in the file root-ca.key, and places the output in the file root-ca.crt.
    You are prompted to give identifying information for the certificate. Do not use single quotes in the responses, due to a quirk in the Globus implementation. For example, don't use a common name like "Alice's CA". If you have customized the configuration file as suggested above, the defaults you specified there will make this step easier. The openssl req command recognizes that the request is for a self-signed certificate, and automatically applies suitable options, such as setting "CA:TRUE".
    The default values, shown in square brackets, are from the configuration file. You can input any value or use the default. Provide a common name. Do not use an email address.
    The following text is a sample output screen:
    Enter pass phrase for root-ca.key:
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [US]:
    State or Province Name (full name) [SampleProvince]:
    Locality Name (eg, city) [Madison]:
    Organization Name (eg, company) [SampleOrg]:
    Second Organization Name (eg, company) [Computer Sciences Department]:
    Organizational Unit Name (eg, section) [INFA_sample Project]:
    Common Name (eg, YOUR name) []:<Any Name eg: MyRootCA>
    Email Address []:
  3. Use the commands below to copy the root-ca.crt and root-ca.key files:
    On UNIX:
    cp root-ca.crt INFA_sampleSigningCA1/signing-ca-1.crt
    cp root-ca.key INFA_sampleSigningCA1/signing-ca-1.key
    On Microsoft Windows:
    copy root-ca.crt INFA_sampleSigningCA1\signing-ca-1.crt
    copy root-ca.key INFA_sampleSigningCA1\signing-ca-1.key
    You must copy the files above because you have set the location and name of the CA certificate this way in the openssl.cnf file.
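
Before the copied files are used for signing, the output of steps 1 and 2 can be checked. The script below is an added example, not part of this guide: the function name check_root_ca and the CA_PASS environment variable are assumptions, and it relies only on standard openssl subcommands.

```shell
#!/bin/sh
# check_root_ca KEY CERT [PASSIN]
# KEY and CERT are the files from steps 1 and 2 (root-ca.key, root-ca.crt).
# PASSIN is an OpenSSL pass-phrase source; the default env:CA_PASS is an
# assumption of this example, not something the guide specifies.
check_root_ca() {
    key=$1 crt=$2 passin=${3:-env:CA_PASS} rc=0

    # genrsa -des3 must have produced an encrypted PEM ("ENCRYPTED" appears
    # in both the traditional and the PKCS#8 header forms).
    grep -q 'ENCRYPTED' "$key" ||
        { echo "FAIL: $key is not pass-phrase protected"; rc=1; }

    # The key file should be accessible to its owner only.
    case $(ls -ld "$key" | cut -c5-10) in
        ------) ;;
        *) echo "FAIL: $key is accessible to group/other"; rc=1 ;;
    esac

    # Self-signed: subject equals issuer and the certificate verifies itself.
    subj=$(openssl x509 -in "$crt" -noout -subject | sed 's/^subject= *//')
    issr=$(openssl x509 -in "$crt" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$issr" ] ||
        { echo "FAIL: subject and issuer differ"; rc=1; }
    openssl verify -CAfile "$crt" "$crt" >/dev/null 2>&1 ||
        { echo "FAIL: $crt does not verify against itself"; rc=1; }

    # openssl req -x509 should have set the CA basic constraint.
    openssl x509 -in "$crt" -noout -text | grep -q 'CA:TRUE' ||
        { echo "FAIL: basicConstraints CA:TRUE missing"; rc=1; }

    # The certificate must carry the public half of this key.
    kpub=$(openssl pkey -in "$key" -passin "$passin" -pubout 2>/dev/null)
    cpub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ] ||
        { echo "FAIL: $crt does not match $key (or wrong pass phrase)"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $crt is a self-signed CA certificate for $key"
    return "$rc"
}

# Run the check when the script is called with file arguments.
if [ "$#" -ge 2 ]; then check_root_ca "$@"; fi
```

Export the CA password as CA_PASS (or pass another pass-phrase source as the third argument) and run the script with root-ca.key and root-ca.crt as arguments.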
