Generating a Self-Signed Certificate

To generate a self-signed certificate, you must use the openssl utility to generate a private key and a self-signed certificate for that key.

About this task

The Discover-DNCA package provides the openssl utility in the directory /usr/local/dncauser/bin.

The following steps assume that you are logged in to the DNCA host machine as user root. To generate a self-signed certificate:

Procedure

  1. Generate the private key. The following example generates a 2048-bit RSA key file named example.key:
    
    /usr/local/dncauser/bin/openssl genrsa -out example.key 2048
    
  2. Generate the self-signed certificate. The following example generates a self-signed certificate file named example.crt by using the private-key file example.key generated in step 1. With option -days 365, the certificate is valid for the next 365 days (one year):
    
    /usr/local/dncauser/bin/openssl req -x509 -new -days 365 -key \
      example.key -out example.crt
    

    The openssl req command interactively prompts for various values. The following table displays the prompts and sample replies:

    | Prompt                                          | Sample Reply           |
    |-------------------------------------------------|------------------------|
    | Country Name (2 letter code)                    | US                     |
    | State or Province Name (full name)              | California             |
    | Locality Name (for example, city)               | San Francisco          |
    | Organization Name (for example, company)        | Unica Discover         |
    | Organizational Unit Name (for example, section) | Release Engineering    |
    | Common Name (for example, YOUR name)            | DNCA.Discover.com      |
    | Email Address                                   | root@DNCA.Discover.com |

    The common name must be the fully qualified DNS name of the DNCA host machine. If the host machine does not have a DNS name assigned to it, use the IP address of the machine.

  3. Now, set the appropriate file ownership and permissions:
    1. All private key files must be readable only by the user account that needs read access to the file. The following chmod and chown commands set the ownership and permissions so that only the capture processes running as user dncauser can access file example.key:
      
      chmod go= example.key
      chown dncauser example.key
      
    2. Place the files in a directory accessible by the user account. For certificate and key files that are used by the Network Capture software, place the files in directory /usr/local/dncauser/etc.
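
The following script is an added example, not part of the Discover-DNCA package or the vendor's procedure. It checks the results of steps 1 to 3: that the key file is private to its owner, that the certificate was built from that key, and that the certificate is not about to expire. The function names and the script name check_cert.sh are hypothetical, and it assumes the bundled openssl supports the rsa and x509 options used.

```shell
#!/bin/sh
# Added example (not vendor code): checks to run after steps 1-3.
# Function names and the script name check_cert.sh are hypothetical.
# OPENSSL defaults to the path this page gives; override it to use another binary.
OPENSSL=${OPENSSL:-/usr/local/dncauser/bin/openssl}

# Step 3.1: succeeds only if FILE is owned by OWNER and grants nothing to
# group or other, which is the state "chmod go=" plus "chown" should leave.
key_is_private() {
    file=$1 owner=$2
    [ -f "$file" ] || return 1
    # ls -l mode string: char 1 = type, 2-4 = user, 5-7 = group, 8-10 = other
    ls -ld -- "$file" | awk -v want="$owner" \
        '{ ok = (substr($1, 5, 6) == "------" && $3 == want) } END { exit !ok }'
}

# Step 2: succeeds only if CRT contains the public half of RSA private key KEY,
# that is, the certificate was really generated from the key made in step 1.
cert_matches_key() {
    key_pub=$("$OPENSSL" rsa -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$("$OPENSSL" x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Step 2: succeeds only if CRT is still valid DAYS days from now. A certificate
# just created with -days 365 passes for 300 days and fails for 400.
cert_valid_for_days() {
    "$OPENSSL" x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Usage: sh check_cert.sh example.key example.crt
if [ "$#" -eq 2 ]; then
    rc=0
    key_is_private "$1" dncauser || { echo "FAIL: $1 not private to dncauser"; rc=1; }
    cert_matches_key "$1" "$2"   || { echo "FAIL: $2 does not match $1"; rc=1; }
    cert_valid_for_days "$2" 30  || { echo "FAIL: $2 expires within 30 days"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1 and $2 pass all checks"
    exit "$rc"
fi
```

Run it as root from the directory that holds the files, for example /usr/local/dncauser/etc, so that the key is readable by the checking process.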