Self-Signed SSL Certificate on the i-Planet Gateway

When you installed the i-Planet software, you created and installed a self-signed SSL certificate. At some point after installation, you might want to generate a new self-signed certificate; you might want to change the information for the certificate you entered during the original installation, for example.

To Generate a Self-Signed SSL Certificate for the i-Planet Gateway

1. As root, run the certadmin script on the i-Planet gateway:

   # /opt/SUNWsnrp/bin/certadmin

   The Certificate Administration menu is displayed:

   1) Generate Self-Signed Certificate 2) Generate Certificate Signing Request (CSR) 3) Add Root CA Certificate 4) Install Certificate from Certificate Authority (CA) 5) Quit choice: [5]

2. Enter 1 on the Certificate Administration menu to generate a self-signed certificate.

   The Certificate Administration script prompts you to enter specific information about your organization and a passphrase for the self-signed certificate:

   What is the fully qualified DNS name of this host? [hostname.domainname] What is the name of your organization? [] What is the name of your organizational unit? [] What is the name of your City or Locality? [] What is the name of your State or Province? [] What is the two-letter country code for this unit? [] ... Enter passphrase []

3. Enter the information for your organization and a passphrase for the self-signed certificate.

   A self-signed certificate is generated and added to the file /etc/opt/SUNWstnr/rp.keystore on the i-Planet gateway. Your prompt returns.

4. Stop and restart the reverse proxy server on the i-Planet gateway for the certificate to take effect.

   See the procedure "To Stop and Restart the Reverse Proxy Server on the i-Planet Gateway" in Chapter 3, Other Administrative Tasks.

5. Make a backup copy of the rp.keystore file.