Example: Using generateSSLCertificates

The section illustrates how to use generateSSLCertificates to generate certificates for two hosts in a distributed environment.

To create a certificate using the generateSSLCertificates utility, follow these steps (Prompts are shaded and user input is in boldface):

  1. Execute the deployment_template\ssl_Certs_Utility\bin\generateSSLCertificates utility as follows: 

    On Windows: generateSSLCertificates.bat 
On Unix:    generateSSLCertificates.sh

  2. Specify the location of the OCS configuration file that will contain keystore and truststore passphrases. 

    Enter the location of OCS JPS_CONFIG file: 
 /localdisk/endeca/ToolsAndFrameworks/11.1.0/server/workspace/credential_store

  3. Specify the location of an existing openssl executable. 

    Please specify the location of an existing openssl executable. If you do not have one available, 
please consult the Oracle Documentation on how it might be obtained...

Specify the complete path of directory containing openssl executable: 
 :/localdisk/endeca/PlatformServices/11.1.0/bin/openssl

  4. The following message appears if no CA root certificate is available: 

    There is no CA root certificate available in deployment_template\ssl_certs_utility\bin\ssl directory; generating self-signed CA root certificate.
The CA root certificate will expire after 3600 days.

  5. Enter the hostname.domain of the server. 

    Please enter the hostname.domain of the server (For example "hostname.domainname" of 
Platform services) for which certificates are needed. :slcw5dd.us.example.com 
               
    Generating keys and certificates for slcw5dd.us.example.com components.

  6. Select a passphrase. 

    The keystore for slcw5dd.us.example.com host will be protected using a passphrase. 
Select any passphrase you wish (6 or more characters)
  Enter passphrase for KeyStore: ******
  Re-enter your KeyStore passphrase: ******

  7. Enter the keyname to store this keystore passphrase. 

    Enter the keyname to store this keystore passphrase in oracleCommerceSSLPassPhrase map of OCS. 
		:S-slcw5dd

  8. Set a different passphrase for the Truststore. 

    Would you like to set a different passphrase for Truststore? (Y/N)
The typical default is N to reuse new keystore passphrase. 
 :Y

  9. Enter a passphrase for Truststore. 

    Enter passphrase for truststore for slcw5dd.us.example.com host
  Enter passphrase for TrustStore: ******
  Re-enter your TrustStore passphrase: ******

  10. Add the Truststore to OCS. 

    Enter the keyname to store this truststore passphrase in oracleCommerceSSLPassPhrase map of OCS
 : TS-slcw5dd

  11. Instruct generateSSLCertificates to generate certificates for other hosts. (optional) 

    Would you like to generate certificates for any other host? (Y/N)? 
The typical default is N to exit the utility. 
 :Y

  12. If you entered Y in the preceding step, specify the hostname and domain of the second host for which you want to create a certificate; for example: 

    Please enter the hostname.domain of the server for which certificates are needed. 
 :busgt5706.oradev.oraclecorp.com
               

    Generating keys and certificates for busgt5706.oradev.oraclecorp.com

  13. Enter and confirm the passphrase that you want to use for the keystore: 

    keystore for busgt5706.oradev.oraclecorp.com host will be protected using a passphrase. 
Select any passphrase you wish (6 or more characters)
  Enter passphrase for KeyStore:******* 
  Re-enter your KeyStore passphrase:*******

  14. Enter the keyname to store this keystore passphrase. 

    Enter the keyname to store this keystore passphrase in oracleCommerceSSLPassPhrase 
map of OCS: KS-busgt5706

  15. Specify a different passphrase for the Trust store. (optional) 

    Would you like to set a different passphrase for Truststore? (Y/N) 
The typical default is N to reuse the keystore passphrase. 
 :Y

  16. Enter passphrase for Truststore. 

     Enter passphrase for truststore for busgt5706.oradev.oraclecorp.com host. 
	 Enter passphrase for TrustStore:****** 
		Re-enter your TrustStore passphrase:******

  17. Enter the keyname to store this truststore passphrase. 

    Enter the keyname to store this truststore passphrase in oracleCommerceSSLPassPhrase 
map of OCS :TS-busgt5706 
 		
The host busgt5706.oradev.oraclecorp.com certificates will expire after 1095 days.

  18. Indicate whether you want to generate certificates for additional hosts or exit the generateSSLCertificates Utility. 

    Would you like to generate certificates for any other host? (Y/N)?
The typical default is N to exit the utility.:N

Copyright © Legal Notices