Self-signed SSL Certificates

During i-Planet software installation, you created and installed a self-signed SSL certificate. At some point after installation, you might want to generate a new self-signed certificate; you might want to change the information for the certificate you entered during the original installation, for example.

To generate a self-signed certificate

1. As root, run the certadmin script on the i-Planet gateway or server, as appropriate.

   # /opt/SUNWsnrp/bin/certadmin

   The Certificate Administration menu is displayed:

   1) Generate Self-Signed Certificate 2) Generate Certificate Signing Request (CSR) 3) Add Root CA Certificate 4) Install Certificate from Certificate Authority (CA) 5) Quit choice: [5]

2. Enter 1 on the Certificate Administration menu to generate a self-signed certificate.

   The Certificate Administration script prompts you to enter certain organization-specific information and a passphrase for the self-signed certificate:

   What is the fully qualified DNS name of this host? [hostname.domainname] What is the name of your organization? [] What is the name of your organizational unit? [] What is the name of your City or Locality? [] What is the name of your State or Province? [] What is the two-letter country code for this unit? [] ... Enter passphrase []

3. Enter your organization-specific information and a passphrase for the self-signed certificate.

   A self-signed certificate is generated and your prompt returns.

4. Restart the i-Planet gateway for the certificate to take effect.

   • To restart the i-Planet gateway:

     # /opt/SUNWsnrp/bin/iplanet_gw stop # /opt/SUNWsnrp/bin/iplanet_gw start