
Steps to create a self signed SSL certificate from scratch on unix or linux

Information

 
Title: Steps to create a self signed SSL certificate from scratch on unix or linux
URL Name: 000027719
Article Number: 000158736
Environment
Product: OpenEdge
Version: 10.x, 11.x
OS: UNIX, Linux
Question/Problem Description
Steps to create a self signed SSL certificate from scratch on Linux CentOS/RedHat
How to create a self-signed SSL certificate from scratch on CentOS
Resolution
The following instructions need to be carried out as root.

Use caution when copying/pasting any of the steps from this article to the command line, as the characters may not be in the same codepage and may mean different things in different places.

Steps to create a self-signed SSL certificate:

1. Open a PROENV shell:
. $DLC/bin/proenv
 
2. Create the following directories and files:
mkdir myssl
cd myssl
mkdir newcerts
touch index.txt
echo '01' > serial
echo '01' > crlnumber
cp $DLC/keys/policy/pscpki.cnf myssl.cnf

3. Edit the myssl/myssl.cnf file, making the following changes:

From:
database        = $dir/index.txt   # database index file.
To:
database        = ./index.txt   # database index file.

From:
new_certs_dir   = $dir/newcerts    # default place for new certs.
To:
new_certs_dir   = ./newcerts    # default place for new certs.

From:
serial          = $dir/serial              # Current serial number
To:
serial          = ./serial              # Current serial number

4. Create the Self-Signed Certificate
chmod 0600 myssl.cnf
pkiutil -keysize 2048 -newreq demoSSL
sslc req -config myssl.cnf -new -x509 -days 1001 -key $DLC/keys/requests/demoSSL.pk1 -out $DLC/keys/requests/rootCA.cer
sslc ca -config myssl.cnf -cert $DLC/keys/requests/rootCA.cer -in $DLC/keys/requests/demoSSL.pk10 -keyfile $DLC/keys/requests/demoSSL.pk1 -days 365 -out $DLC/keys/requests/demoSSL.cer
pkiutil -import demoSSL $DLC/keys/requests/demoSSL.cer

5.  A demoSSL.pem file will be imported to the $DLC/keys folder.  The alias name of this file (demoSSL) needs to be specified in the ubroker.properties configuration file under the specific Broker section:

sslEnable=1
keyAlias=demoSSL
keyAliasPasswd=<use $DLC/bin/genpassword -password <actual password> to generate encrypted password to copy for this property>

6.  Import the Root Certificate
 
certutil -import $DLC/keys/requests/rootCA.cer

A hash-formatted file with a ".0" extension will be imported to the $DLC/certs folder.
This is the certificate that needs to be copied to the $DLC/certs folder of the clients (WebSpeed messenger or ABL clients).

7.  For WebSpeed messenger add the following to the CGIIP messenger section:

noHostVerify=1
sslEnable=1
useConnID=0
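
The myssl.cnf edits in step 3 and the working-directory layout from steps 2 and 4 can be scripted and checked before running "sslc ca". The following is an added example, not part of the original article or of the OpenEdge tooling; the function names patch_ca_paths, check_ca_layout and write_sample_cnf are hypothetical, and the config excerpt is constructed.

```shell
#!/bin/sh
# Added example (not from the article). Function names are hypothetical.

# Step 3 as a script: repoint only database, new_certs_dir and serial at "./".
patch_ca_paths() {
    cnf=$1
    sed -e 's|^\([[:space:]]*database[[:space:]]*=[[:space:]]*\)\$dir/|\1./|' \
        -e 's|^\([[:space:]]*new_certs_dir[[:space:]]*=[[:space:]]*\)\$dir/|\1./|' \
        -e 's|^\([[:space:]]*serial[[:space:]]*=[[:space:]]*\)\$dir/|\1./|' \
        "$cnf" > "$cnf.tmp" || return 1
    cat "$cnf.tmp" > "$cnf" && rm -f "$cnf.tmp"   # keeps the file's existing mode
}

# Pre-flight check before "sslc ca": returns 0 only if steps 2-4 left the
# working directory in the expected state.
check_ca_layout() {
    wd=$1; rc=0
    [ -d "$wd/newcerts" ]  || { echo "missing newcerts/" >&2; rc=1; }
    [ -f "$wd/index.txt" ] || { echo "missing index.txt" >&2; rc=1; }
    for f in serial crlnumber; do
        grep -Eq '^([0-9A-Fa-f]{2})+$' "$wd/$f" 2>/dev/null ||
            { echo "$f must hold hex digits in pairs, e.g. 01" >&2; rc=1; }
    done
    # The three keys edited in step 3 must no longer reference $dir.
    if grep -Eq '^[[:space:]]*(database|new_certs_dir|serial)[[:space:]]*=[[:space:]]*\$dir/' \
        "$wd/myssl.cnf" 2>/dev/null; then
        echo "myssl.cnf still points at \$dir" >&2; rc=1
    fi
    # Step 4 sets mode 0600 on the config file.
    [ -n "$(find "$wd/myssl.cnf" -prune -perm 600 2>/dev/null)" ] ||
        { echo "myssl.cnf missing or not mode 0600" >&2; rc=1; }
    return $rc
}

# Constructed excerpt standing in for pscpki.cnf (the real file is longer).
write_sample_cnf() {
    cat > "$1" <<'EOF'
[ CA_default ]
dir             = ./demoCA
certs           = $dir/certs
database        = $dir/index.txt   # database index file.
new_certs_dir   = $dir/newcerts    # default place for new certs.
serial          = $dir/serial              # Current serial number
EOF
}
```

In the myssl directory, run patch_ca_paths myssl.cnf after the cp in step 2, and check_ca_layout . after the chmod in step 4.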
Last Modified Date: 1/16/2019 10:20 AM
