Creating a Self-signed Certificate

SSL uses a certificate to verify a trusted server. The certificate is created on the active server in each cluster in the topology and then shared with the other servers of that cluster. This local certificate acts as a private certificate for the local server and enables encrypted information to be transferred through a secure connection.

Note: Common Name (CN) is the primary ID inside of a certificate. The Keystore Input Parameters page refers to the CN as First and Last Name.

To create a self-signed certificate for a cluster and then synchronize it across the cluster:

  1. Log in to the platcfg utility using one of two methods, either from the system console using root or through an SSH remote session using admusr.
    • To access the platcfg utility from the system console:
      1. Log in as root.
      2. Enter su - platcfg.
    • To access the platcfg utility through an SSH remote session:
      1. Log in as admusr.
      2. Enter sudo su - platcfg.

    Note: The dash (-) is required in the su - platcfg or the sudo su - platcfg command to ensure proper permissions.

  2. Select Policy Configuration from the Main Menu screen and press Enter.
  3. Select SSL Key Configuration from the Policy Configuration Menu screen and press Enter.

    Policy Configuration Menu—SSL Key Configuration

  4. Select Configure keystore from the Configure SSL keys Menu screen and press Enter.

    Configure SSL keys Menu—Configure keystore

  5. Select Create Self-Signed Key from the Operate keystore Menu and press Enter.

    Operate keystore Menu

  6. Enter information on the Input Parameters screen.

    Input Parameters
    Note: For the Alias field, enter tomcat.
    Note: For the First and Last Name field (the CN value), create a unique cluster ID name.
    Note: The Keystore Password is changeit

  7. When finished entering values, select OK and press Enter.
  8. If there is an existing certificate with the same Alias name, the following screen opens:

    Delete existing certificate

    Select Yes to remove the old certificate and replace it with a new one with the same name.

  9. The following screen opens when the SSL creation is successful.

    Message
    Press Enter to return to the previous screen.

  10. Select Cluster File Sync from the Policy Configuration Menu screen and press Enter.

    The self-signed certificate is synchronized to the other servers of the cluster.

  11. Select Restart Application from the Policy Configuration Menu screen and press Enter.

    The Policy Management application (the qp_procmgr process) on the active server restarts.

Repeat this procedure for every cluster in the Policy Management network.
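
A check on the result of this procedure, as an added example that is not part of the product documentation: it parses a `keytool -list -v` listing from each server, confirms that the alias is tomcat, that the CN is the one entered in step 6, and that the certificate is self-signed (Owner equals Issuer), then compares the SHA-256 fingerprints reported by the servers after Cluster File Sync. It assumes the keystore is a Java keystore that keytool can read; KEYSTORE_PATH, CLUSTER_CN, the function names and the sample listing are constructed for illustration.

```shell
# Added example, not product code. Assumes the keystore is a Java keystore
# that keytool can list; KEYSTORE_PATH is a placeholder (not given on the page).
#   keytool -list -v -alias tomcat -keystore KEYSTORE_PATH | check_listing CLUSTER_CN

# Print the value of the first "<label>: value" line of a listing on stdin.
listing_field() {
    awk -v label="$1" '{ sub(/^[ \t]+/, "") }
        index($0, (label ": ")) == 1 { print substr($0, length(label) + 3); exit }'
}

# Print the CN of a distinguished name (CN values with escaped commas not handled).
dn_cn() {
    printf '%s\n' "$1" |
        awk -F', *' '{ for (i = 1; i <= NF; i++) if ($i ~ /^CN=/) { print substr($i, 4); exit } }'
}

# Check one server's listing against the values entered in step 6.
# $1 = CN typed into "First and Last Name". Prints the SHA-256 fingerprint.
check_listing() {
    expected_cn=$1
    listing=$(cat)
    alias_name=$(printf '%s\n' "$listing" | listing_field 'Alias name')
    owner=$(printf '%s\n' "$listing" | listing_field 'Owner')
    issuer=$(printf '%s\n' "$listing" | listing_field 'Issuer')
    sha256=$(printf '%s\n' "$listing" | listing_field 'SHA256')
    [ "$alias_name" = tomcat ] || { echo "alias '$alias_name', expected tomcat" >&2; return 1; }
    [ "$(dn_cn "$owner")" = "$expected_cn" ] || { echo "unexpected CN in: $owner" >&2; return 1; }
    [ "$owner" = "$issuer" ] || { echo "not self-signed, issuer: $issuer" >&2; return 1; }
    [ -n "$sha256" ] || { echo "no SHA256 fingerprint found" >&2; return 1; }
    printf '%s\n' "$sha256"
}

# After Cluster File Sync: stdin holds one fingerprint per server; all must match.
fingerprints_match() {
    awk 'NR == 1 { first = $0 } $0 != first { bad = 1 } END { exit (NR == 0 || bad) }'
}

# Constructed sample of keytool output, so the example runs offline.
sample_listing() {
    cat <<'EOF'
Alias name: tomcat
Entry type: PrivateKeyEntry
Owner: CN=pcrf-cluster-a, OU=Ops, O=Example, C=US
Issuer: CN=pcrf-cluster-a, OU=Ops, O=Example, C=US
Certificate fingerprints:
     SHA256: 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
EOF
}

sample_listing | check_listing pcrf-cluster-a
```

Run the keytool command from the first comment on every server of the cluster and feed the printed fingerprints, one per line, to fingerprints_match; a mismatch means a server is still holding a different certificate.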