Creating Your Own Certification Authority
About this task
If you
are going to use SSL authentication within your company's boundaries
and not for outside internet commerce, you might find it simpler to
create your own certification authority (CA) to trust all your HCL Workload Automation installations. To do so, follow the steps listed below.
Note: In
the following steps, the names of the files created during the process
TWS and TWSca are sample names. You can use your own names, but keep
the same file extensions.
- Choose a workstation as your CA root installation.
- Type the following command from the SSL directory to initialize
the pseudo random number generator, otherwise subsequent commands
might not work.
- On UNIX:
$ openssl rand -out TWS.rnd -rand ./openssl 8192
- On Windows:
$ openssl rand -out TWS.rnd -rand ./openssl.exe 8192
- On UNIX:
- Type the following command to create the CA private key:
$ openssl genrsa -out TWSca.key 2048
- Type the following command to create a self-signed CA Certificate
(X.509 structure):
$ openssl req -new -x509 -days 365 -key TWSca.key -out TWSca.crt -config ./ openssl.cnf
Now you have a certification authority that you can use to trust all of your installations. If you want, you can create more than one CA.