1.4.1 Generating a Self-Signed Server Certificate

You can create a self-signed server certificate using the openssl command.

The following steps show how to generate a self-signed server certificate.

1. Go to the following directory:

   cd /etc/oracle/graph

2. Execute the following commands:

   openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -subj "/C=US/ST=MyState/L=MyTown/O=MyOrganization/CN=ROOT" -keyout ca_key.pem -out ca_certificate.pem
   openssl genrsa -out server_key_traditional.pem 2048
   openssl pkcs8 -topk8 -in server_key_traditional.pem -inform pem -out server_key.pem -outform pem -nocrypt
   openssl req -new -subj "/C=US/ST=MyState/L=MyTown/O=MyOrganization/CN=localhost" -key server_key.pem -out server.csr
   chmod 600 server_key.pem
   openssl x509 -req -CA ca_certificate.pem -CAkey ca_key.pem -in server.csr -out server_certificate.pem -days 365 -CAcreateserial
   chown oraclegraph:oraclegraph server_key.pem

   Note:

   • The certificate mentioned in the above example will only work for the host localhost. If you have a different domain, you must replace localhost with your domain name.
   • The above self-signed certificate is valid only for 365 days.