Generating a Self-Signed Certificate
To generate a self-signed certificate, you must use the openssl
utility
to generate a private key and a self-signed certificate for that key.
About this task
The Discover-DNCA
package provides the
openssl utility in the directory /usr/local/dncauser/bin
.
The following steps assume that you logged in to the DNCA host machine as user root. To generate a self-signed certificate:
Procedure
- Generate the private key. The following example generates
a 2048-bit RSA key file named
example.key
:/usr/local/dncauser/bin/openssl genrsa -out example.key 2048
- Generate the self-signed certificate. The following example
generates a self-signed certificate file named
example.crt
by using the private-key fileexample.key
generated in step 1. With option-days 365
, the certificate is valid for the next 365 days (one year):/usr/local/dncauser/bin/openssl req -x509 -days 365 -newkey rsa:2048 -key \ example.key -out example.crt
The
openssl req
command interactively prompts for various values. The following table displays the prompts and sample replies:- Prompt
- Sample Reply
- Country Name (2 letter code)
US
- State or Province Name (full name)
California
- Locality Name (for example, city)
San Francisco
- Organization Name (for example, company)
Unica Discover
- Organizational Unit Name (for example, section)
Release Engineering
- Common Name (for example, YOUR name)
DNCA.Discover.com
- Email Address
root@DNCA.Discover.com
The common name must be the fully qualified DNS name of the DNCA host machine. If the host machine does not have a DNS name that is assigned to it, then use the IP address of the machine.
- Now, set the appropriate file ownership and permissions: