To create sample Server Certificate, Server Key, and CA Certificate files using Identity Console, complete the following steps:
Create a temp folder.
Generate a CSR (Certificate Signing Request) file.
The sample csr_detail_file.txt file is as follows:
[req]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn

[ dn ]
O= <Organization Name>
CN= <Hostname or DNS Name>

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = oes_doc.labs.wdc.acme.com
IP = 192.168.0.1

The attribute details are as follows:
CN: Host name of a gateway cluster resource.
DNS.<value>: DNS name of a gateway cluster resource.
If a DNS name is provided for Gateway Server Address during CIS configuration, ensure that the same DNS name is configured. For more information, see Configure CIS Services.
IP: IP address of the cluster gateway resource.
Create the .csr file using the following command:
openssl req -new -sha256 -nodes -out csrfilename.csr -newkey rsa:2048 -keyout serverkey.pem -config <csr_detail_file name>
Perform the following steps to generate the public certificate:
Go to Identity Console > Certificate Server > Issue Certificates.
Browse and select a CSR file.
Select Key type as SSL or TLS under Key Usage Specifications.
Select Server authentication and User authentication under Extended key usage.
Select End Entity certificate type under Basic Constraints.
Specify the following parameters:
Subject Name: O=Organization Name; CN=oes_doc.labs.wdc.acme.com
Subject Alternative Names: IP and DNS name
Click the Download the issued certificate link.
For more information, see Issuing a Public Key Certificate using Identity Console.
Copy the generated server certificate to the temp folder.
Convert the generated certificate from .der to .pem format.
openssl x509 -inform der -in <.der file name> -out <servercert.pem>
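The CSR steps above can be scripted and checked before the CSR is uploaded to Identity Console. The following is an added example, not part of the original procedure: the function names make_csr and check_csr are hypothetical, and the host name, IP address and organization passed to them are sample values. It writes the detail file, generates the key and CSR with the same openssl req command, and then confirms that the CSR carries the CN, DNS name and IP address that the issued certificate is expected to contain.

```shell
#!/bin/sh
# Added example (not from the product documentation).
# make_csr DIR CN IP ORG
#   Writes csr_detail_file.txt, serverkey.pem and csrfilename.csr into DIR.
make_csr() {
    dir=$1 cn=$2 ip=$3 org=$4
    mkdir -p "$dir" || return 1
    cat > "$dir/csr_detail_file.txt" <<EOF
[req]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn

[ dn ]
O = $org
CN = $cn

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = $cn
IP = $ip
EOF
    # -nodes leaves serverkey.pem unencrypted, so create it owner-only.
    ( umask 077
      openssl req -new -sha256 -nodes -newkey rsa:2048 \
          -out "$dir/csrfilename.csr" -keyout "$dir/serverkey.pem" \
          -config "$dir/csr_detail_file.txt" )
}

# check_csr CSR CN IP
#   Succeeds only if the CSR self-signature verifies and the subject CN,
#   DNS SAN and IP SAN match the values given.
check_csr() {
    csr=$1 cn=$2 ip=$3
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    text=$(openssl req -in "$csr" -noout -text) || return 1
    printf '%s\n' "$text" | grep -qFw "DNS:$cn" || return 1
    printf '%s\n' "$text" | grep -qFw "IP Address:$ip" || return 1
    printf '%s\n' "$text" | grep -Eq "Subject:.*CN ?= ?$cn" || return 1
}
```

After the certificate is issued and converted to .pem, openssl x509 -in <servercert.pem> -noout -text shows the same Subject and Subject Alternative Name fields for comparison.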