Creating a Certificate Authority
CA is short for Certificate Authority. A CA issues certificates for email accounts, web sites, or Java applets. A certificate expresses only a trust relationship: if you trust the CA, then you automatically trust all the certificates that the CA has issued.
About this task
Procedure
-
Initialize the CA key database and create the CA certificate. For example:
gsk8capicmd_64 -cert -create -db ca.kdb -stashed -dn "CN=myserver,OU=mynetwork,O=mycompany,C=mycountry" -expire 7300 -label "CA cert" -default_cert yes
The -db parameter specifies the file name to be used for the CA's key database file. The -pw parameter specifies the password to use to protect the key database file; the example uses -stashed instead, which reads that password from the key database's stash file. The -expire parameter indicates the number of days before the certificate expires. The -dn parameter specifies the distinguished name used on the CA certificate. The -label parameter specifies the name to be used for the CA certificate in the key database file.
-
Extract the CA's root certificate. This certificate must be installed at both the clients and servers:
gsk8capicmd_64 -cert -extract -db ca.kdb -stashed -label "CA cert" -format ascii -target ca.arm
The -db parameter specifies the file name of the CA's key database file. The -label parameter specifies the CA's certificate label in the key database file. The -target parameter specifies the file in which the exported CA certificate is stored.
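Because the extracted root certificate becomes the trust anchor on every client and server, it is worth checking each copy before installing it. The following is an added example, not part of the original procedure: it assumes openssl is installed and that the file written by -format ascii (ca.arm) is Base64 (PEM) encoded; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: checks for an extracted CA certificate (for example ca.arm)
# before it is installed on clients and servers. Requires openssl.
# Function names are hypothetical; usage: ca_matches ca.arm "<fingerprint>"

# Print the certificate's SHA-256 fingerprint as lowercase hex, no colons.
ca_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 |
        sed -e 's/^.*=//' -e 's/://g' | tr 'A-F' 'a-f'
}

# Succeed only if the certificate names itself as issuer (as a root CA
# certificate does) and stays valid for at least $2 more days (default 30).
ca_is_usable() {
    cert=$1
    days=${2:-30}
    subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253) || return 1
    issuer=$(openssl x509 -in "$cert" -noout -issuer -nameopt RFC2253) || return 1
    [ "${subject#subject=}" = "${issuer#issuer=}" ] || return 1
    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null
}

# Succeed only if the file's fingerprint equals one obtained out of band
# from the CA operator (colons, spaces and letter case are ignored).
ca_matches() {
    actual=$(ca_fingerprint "$1")
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}
```

Run ca_is_usable and ca_matches on each machine that receives ca.arm, and install the file only when both succeed.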