The section
illustrates how to use
generateSSLCertificates
to generate certificates for two
hosts in a distributed environment.
To create a certificate using the
generateSSLCertificates
utility, follow these steps
(Prompts are shaded and user input is in boldface):
Execute the
deployment_template\ssl_Certs_Utility\bin\generateSSLCertificates
utility as follows:On Windows: generateSSLCertificates.bat On Unix: generateSSLCertificates.sh
Specify the location of the OCS configuration file that will contain keystore and truststore passphrases.
Enter the location of OCS JPS_CONFIG file: /localdisk/endeca/ToolsAndFrameworks/11.1.0/server/workspace/credential_store
Specify the location of an existing openssl executable.
Please specify the location of an existing openssl executable. If you do not have one available, please consult the Oracle Documentation on how it might be obtained... Specify the complete path of directory containing openssl executable: :/localdisk/endeca/PlatformServices/11.1.0/bin/openssl
The following message appears if no CA root certificate is available:
There is no CA root certificate available in
deployment_template\ssl_certs_utility\bin\ssl
directory; generating self-signed CA root certificate. The CA root certificate will expire after 3600 days.Enter the
hostname.domain
of the server.Please enter the hostname.domain of the server (For example "hostname.domainname" of Platform services) for which certificates are needed. :slcw5dd.us.example.com
Generating keys and certificates for slcw5dd.us.example.com components.
The keystore for slcw5dd.us.example.com host will be protected using a passphrase. Select any passphrase you wish (6 or more characters) Enter passphrase for KeyStore: ****** Re-enter your KeyStore passphrase: ******
Enter the keyname to store this keystore passphrase.
Enter the keyname to store this keystore passphrase in oracleCommerceSSLPassPhrase map of OCS. :S-slcw5dd
Set a different passphrase for the Truststore.
Would you like to set a different passphrase for Truststore? (Y/N) The typical default is N to reuse new keystore passphrase. :Y
Enter a passphrase for Truststore.
Enter passphrase for truststore for slcw5dd.us.example.com host Enter passphrase for TrustStore: ****** Re-enter your TrustStore passphrase: ******
Enter the keyname to store this truststore passphrase in oracleCommerceSSLPassPhrase map of OCS : TS-slcw5dd
Instruct
generateSSLCertificates
to generate certificates for other hosts. (optional)Would you like to generate certificates for any other host? (Y/N)? The typical default is N to exit the utility. :Y
If you entered Y in the preceding step, specify the hostname and domain of the second host for which you want to create a certificate; for example:
Please enter the hostname.domain of the server for which certificates are needed. :busgt5706.oradev.oraclecorp.com
Generating keys and certificates for busgt5706.oradev.oraclecorp.com
Enter and confirm the passphrase that you want to use for the keystore:
keystore for busgt5706.oradev.oraclecorp.com host will be protected using a passphrase. Select any passphrase you wish (6 or more characters) Enter passphrase for KeyStore:******* Re-enter your KeyStore passphrase:*******
Enter the keyname to store this keystore passphrase.
Enter the keyname to store this keystore passphrase in oracleCommerceSSLPassPhrase map of OCS: KS-busgt5706
Specify a different passphrase for the Trust store. (optional)
Would you like to set a different passphrase for Truststore? (Y/N) The typical default is N to reuse the keystore passphrase. :Y
Enter passphrase for Truststore.
Enter passphrase for truststore for busgt5706.oradev.oraclecorp.com host. Enter passphrase for TrustStore:****** Re-enter your TrustStore passphrase:******
Enter the keyname to store this truststore passphrase.
Enter the keyname to store this truststore passphrase in oracleCommerceSSLPassPhrase map of OCS :TS-busgt5706 The host busgt5706.oradev.oraclecorp.com certificates will expire after 1095 days.
Indicate whether you want to generate certificates for additional hosts or exit the
generateSSLCertificates
Utility.Would you like to generate certificates for any other host? (Y/N)? The typical default is N to exit the utility.:N