Versions Compared

Old Version 116

changes.mady.by.user Gill Houghton

Saved on

compared with

New Version 117

changes.mady.by.user Gill Houghton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Tip

The commands use openssl and keytool from the command line.

Install the OpenSSL command line tool and add the OpenSSL PATH in the Windows environment variables if necessary.

Keytool is part of the standard java distribution and is located in the bin sub-directory of your jdk installation directory. Chariot will always include a java distribution under the <chariot_install_dir>/lib/runtime/jdk11.0.12_7/bin. Add the keytool PATH in the Windows environment variables if necessary.

You will need to restart your command window to pick up this configuration change.

...

  1. Generate a private key file (serverCA.key) for the Server CA using the command below. You will be required to enter a pass phrase to be associated with the serverCA.key file.

    Tip

    Make note of this pass phrase for the Server CA private key file (serverCA.key) as it will be used again whilst creating the certificate hierarchy. 


    Code Block
    languagetext
    openssl genrsa -des3 -out ca/server/serverCA.key 2048


  2. Generate a Certificate Signing Request (CSR) for the server CA using the command below. This command generates a new CSR named "serverCA.csr’ using the RSA private key "serverCA.key" and you will be required to enter the pass phrase for the serverCA.key file created in the previous step.

    Code Block
    languagetext
    openssl req -new -key ca/server/serverCA.key -out ca/server/serverCA.csr


    Note

    There are a number of fields associated with the creation of the certificate. The required fields are:

    Country Name (2 letter code) []: Your country code

    State or Province Name (full name) []: Your state

    Locality Name (eg, city) []: Your city

    Organization Name (eg, company) []: Your company name

    Organizational Unit Name (eg, section) []: Server CA

    Common Name (eg, fully qualified host name) []: This MUST be Fill them out with your relevant details where theCommon Name must be the Fully Qualified Domain Name (FQDN) of the Chariot server

    Email Address []: Your email address

    Extra attributes to be sent with the certificate request are:

    A challenge password []: Any alpha-numeric phrase.


  3. Sign the Server CA with the Root CA using the command below. This command will sign the CSR "serverCA.csr" with the Root CA certificate ‘ca.crt’ and RSA private key ‘ca.key’, creating a new X.509 certificate named ‘serverCA.crt’ valid for 3650 days (10 years). You will be required to enter the pass phrase associated with the Root CA private key file "ca.key". 

    Code Block
    languagetext
    openssl x509 -req -in ca/server/serverCA.csr -CA ca/ca.crt -CAkey ca/ca.key -CAcreateserial -out ca/server/serverCA.crt -days 3650


...