Generate new certificates and a Certificate Authority (CA)
About this task
If you want to secure the communication based on the Secure Sockets Layer (SSL) protocol, but you do not have a corporate Certificate Authority (CA), you can use Certman to create one and generate the required certificates.
Procedure
- Browse to the following path: <image_location>/TWS/<interp_name>/Tivoli_LWA_<interp_name>\TWS\bin
-
Generate the CA and certificates by running the following command:
certman generate -keypasswd <pwd> -outpath <output path> [-capath <ca path>] [-wauser <user>] [-wagroup <group>]Where:
- keypasswd
- Specify the password to encrypt the private key.
- outpath
- Specify the folder where generate the certificates.
- capath
- Leave empty to generate a ca.crt and ca.key.
- wauser
- Optionally, specify the TWS_user that must be set as owner of the output files.
- wagroup
- Optionally, specify the TWS_user
that must be set as group of the output files..Note: To specify an owner and group in wauser and wagroup parameters, the user who launches Certman must have the permissions to change the owner and group on output files.
Results
-
- ca.crt
- The file that contains the Root ca.
-
- ca.key
- The private key of the CA.
-
- tls.crt
- The certificate signed and validated by the CA.
-
- tls.key
- The private key of the tls certificate.
-
- tls.sth
- The stash file of the tls certificate that contains the password encoded in Base64 format.
Note: It is strongly suggested that you save the
ca.key so that in future, if needed, you can generate or
replace the certificates only.
After having generated the CA, add it to the OS and browser so that they can trust the new CA.