2.7.2.2 Generate Signed Certificate

This section describes how to generate the Signed certificate.

To generate the signed certificate:
  1. Log in to the server as a Linux user.
  2. Generate the CSR file that describes the certificate requested and needed by the signing authority.
  3. Openssl default configuration does not include subject alternative names by default.
  4. SANs should be updated in cert.conf file. Additional SANs or IPs can be added through properties such as DNS.2, DNS.3, IP.1, and IP.2 in the [alt_names] section.
  5. Once the configuration file is placed, generate the CSR file and associated private key by running the following command:
    openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr -config cert.conf
  6. Provide the requested entries, and some entries can be left blank.

    Note:

    • You can check the CSR contains SANs by running the command: openssl req -text -noout -verify -in server.csr
    • This step is optional only.
  7. Request certificate from the signing authority. Once the certificate is received, convert the server.cer into PEM format if required by running the command: openssl x509 -in server.cer -out server.pem -outform PEM

    Note:

    • You can check the contents of the certificate to make sure that the SANs are included by running the command: openssl x509 -in server.pem -text
    • This step is optional only.
  8. Create .p12 keystore.

    Note:

    • The -name parameter must match the value of the STUDIO_SERVER_SSL_ALIAS variable from the path <COMPLIANCE_STUDIO_INSTALLATION_PATH>/bin/ config.sh
    • To store the password, run the command: openssl pkcs12 -export -out studio_server.p12 - inkey server.key -in server.pem -name studio_alias
    • The password must match the value of the STUDIO_SERVER_SSL_PASSWORD variable from <COMPLIANCE_STUDIO_INSTALLATION_PATH >/bin/ config.sh
    • To check the keystore, run the command: openssl pkcs12 -export -out studio_server.p12 - inkey server.key -in server.pem -name studio_alias
    • This step is optional only.
  9. Copy studio_server.p12 file and place in the <COMPLIANCE_STUDIO_INSTALLATION_PATH>/mmg-home/mmg-studio/conf/ studio_server.p12 and <COMPLIANCE_STUDIO_INSTALLATION_PATH>/deployed/ mmg-home/mmg-studio/conf/studio_server.p12 directories.
  10. Restart Compliance Studio. To do this, navigate to the <COMPLIANCE_STUDIO_INSTALLATION_PATH>/bin directory and run the ./compliance-studio --restart or ./compliance-studio -r.