How to create self signed certificates in Master Child Architecture
asked 27 Oct '15, 15:00
Creating self-signed certificates in Master Child Environment
To start with create folder - /opt/arcsight/HPUBA11/securonix_home/certs Under certs, Run following commands to generate the certificates.
Step 0 – Shutdown Tomcat on both Master and Child servers.
Step 1 – Create a self-signed certificate Use the keytool command for generating a certificate as follows:
/opt/arcsight/HPUBA11/Java/jdk/bin/keytool -genkey -alias gaxgpsl201xs -keyalg RSA -keystore securonixKeyStore1 -keysize 2048 -ext san=dns:gaxgpsl201xs.securonix.com
Finally the DNS address of the server is used in the last part san=dns: gaxgpsl201xs.securonix.com You will be required to provide a few details such as first name and last name among other questions. Fill them as required by the server. Note that the first name and last name must be the DNS of the server.
Step 2 – Create a CertRequest
/opt/arcsight/HPUBA11/Java/jdk/bin/keytool -certreq -alias gaxgpsl201xs -file gaxgpsl201xs.csr -keystore securonixKeyStore1
Step 3 – Export the certificate that has been created
/opt/arcsight/HPUBA11/Java/jdk/bin/keytool -export -alias gaxgpsl201xs -file gaxgpsl201xs_Child1.cer -keystore securonixKeyStore1
Step 4 – Add the Certificate into the keystore
/opt/arcsight/HPUBA11/Java/jdk/bin/keytool -import -file gaxgpsl201xs_Child1.cer -alias gaxgpsl201xs -keystore /opt/arcsight/HPUBA11/Java/jdk/jre/lib/security/cacerts
Follow similar steps on the Master as well, with a different alias. After Step 3, you will have one certificate on Child and one on Master
Certificate on child - gaxgpsl201xs_Child1.cer Certificate on master - gaxgpsl201xs_Master.cer
Copy Master’s certificate to Child server on /opt/arcsight/HPUBA11/securonix_home/certs And copy child’s certificate to Master server on /opt/arcsight/HPUBA11/securonix_home/certs Then perform step 4 again with these new certificates to add the new certificates to the keystore.
answered 27 Oct '15, 15:00