By default, the
enecerts utility produces the
eneCert.pem certificate (used by all clients and
servers to specify their identity when using SSL) and the
eneCA.pem Certificate Authority (CA) certificate
(used by all clients and servers that wish to authenticate the other endpoint
of a communication channel).
If you have your own CA certificate and private-key files, you can use
the
--CAkey and
--CAcert
flags to generate the
eneCert.pem certificate. The private-key file
(.key extension) is used to digitally sign the public key that is generated by
the
enecerts utility. Both flags must be used for this
operation.
The syntax for the
--CAkey flag is:
--CAkey private-key
where private-key is your own .key file with the private key for the CA that should be used to sign the generated certificate.
The syntax for the
--CAcert flag is:
--CAcert cert-pem
where
cert-pem is your CA certificate (.pem extension).
This file is the same type of file as the default
eneCA.pem CA certificate.
For example, the following Windows command creates a signed certificate file using your own CA certificate and private-key files:
enecerts --CAkey myCA.key --CAcert myCA.pem
You would then use the resulting
eneCert.pem certificate and your CA file
(myCA.pem in the example) to configure SSL for your Guided
Search components. If you have multiple machines in your deployment, you must
also copy these files to the other machines.
