Create a Self-Signed Certificate

A self-signed certificate is both the certificate and the trusted CA certificate with which it is validated. Self-signed certificates are commonly used when certificates are deployed internally within an organization.

The commands in this procedure are only examples. For more information, consult the OpenSSL documentation (http://www.openssl.org/).

  1. Optionally, edit an OpenSSL default configuration file, openssl.cnf.

    This sets the default values provided in the prompts used to gather information for a certificate, such as the common name, country code, state or province, locality, organization, and so on. You can edit this file to make certificate generation easier and more consistent.

    Note: You can download a sample openssl.cnf file from a number of web sites.
  2. Generate a private key. For more information, see Generate a Private Key for Use with Certificates.
  3. Generate a certificate-signing request. For example:
    openssl req -new -config openssl.cnf -key server.keypw -out server.csr

    You will be prompted for information such as a country code, state or province, locality, organization, and also the common name.

    The command generates a certificate-signing request called server.csr, which now needs to be signed to become a certificate.

  4. Optionally, remove the pass phrase from the key so that it does not need to be specified when configuring the Uniface TLS connector.
    • To remove the pass phrase from an RSA key:
      openssl rsa -in server.keypw -out server.key
    • To remove the pass phrase from a DSA key:
      openssl dsa -in server.keypw -out server.key
  5. Sign the certificate generated in step 3. For example:
    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

You can use the self-signed certificate for server verification or for client verification.
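The whole procedure as one script, added here as an example that is not part of the original documentation: it produces the key, the certificate-signing request and the self-signed certificate non-interactively, then checks the three properties worth confirming before deploying the certificate (subject equals issuer, the certificate validates against itself as trust anchor, and the private key matches it). The common name, the 2048-bit RSA key size, the scratch directory and the file names are assumptions chosen for this example.

```sh
#!/bin/sh
# Added example, not from the original documentation. Scratch directory,
# key size, subject and file names are assumptions for the demonstration.
set -eu

WORK="${TMPDIR:-/tmp}/selfsigned-example.$$"

make_self_signed() {
    # $1 = common name, $2 = validity in days
    mkdir -p "$WORK"
    # Private key without a pass phrase (steps 2 and 4 in one go).
    openssl genrsa -out "$WORK/server.key" 2048 2>/dev/null
    # CSR with the subject given on the command line instead of prompts (step 3).
    openssl req -new -key "$WORK/server.key" -subj "/CN=$1" \
        -out "$WORK/server.csr" 2>/dev/null
    # Sign the CSR with its own key (step 5).
    openssl x509 -req -days "$2" -in "$WORK/server.csr" \
        -signkey "$WORK/server.key" -out "$WORK/server.crt" 2>/dev/null
}

# A self-signed certificate carries identical subject and issuer names.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject)
    iss=$(openssl x509 -in "$1" -noout -issuer)
    [ "${subj#subject=}" = "${iss#issuer=}" ] && echo yes || echo no
}

# The certificate must validate when it is itself the trust anchor, which is
# exactly how a peer configured with it as CA certificate will check it.
verify_against_self() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1 && echo ok || echo fail
}

# Compare the public key embedded in the certificate with the one derived
# from the private key; a mismatch means the TLS handshake will fail.
key_matches_cert() {
    c=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    k=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ "$c" = "$k" ] && echo match || echo mismatch
}
```

Run `make_self_signed internal.example 365` and then pass `$WORK/server.crt` (and `$WORK/server.key`) to the three check functions; each prints a one-word verdict.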

Generating and Signing a Certificate in One Step

For clarity, the previous procedure describes how to create a self-signed certificate in a sequence of steps, but you could also generate and sign a certificate in a single command.

For example, to create a certificate that is signed using the SHA-256 digest and expires after 365 days:

openssl req -new -x509 -key server.key -sha256 -days 365 -out server.crt -config openssl.cnf