1.5.1 Creating a server certificate for the test environment
During the test operation period, create the certificate to be used instead of the server certificate. This certificate is called a self-signed server certificate. A secret key and a certificate signing request (CSR) are required to create a self-signed server certificate.
(1) Creating a secret key for the test environment
Create a secret key required to create a self-signed server certificate.
Prerequisites
To perform this task, the system administrator logs in as the built-in Administrator user to the machine on which JP1/DH - Server is installed, and then starts the command prompt.
Procedure
- Start the command prompt.
  Start the command prompt at the following location, in which the batch command for creating a secret key is stored:
  installation-folder\bin\
- Execute selfsignedkeygen.bat with necessary arguments specified.
  selfsignedkeygen.bat -out secret-key-file-name [-bits {512|1024|2048|4096}]
The following are details of the arguments:
- -out secret-key-file-name
  Specify the name of the file to which the created secret key is output.
- [-bits {512|1024|2048|4096}]
  Specify the bit length of the secret key to be created.
  If you omit this argument, 2048 is used.
  Keys with a bit length of 1024 or lower are increasingly unsafe. Therefore, specify 2048 or higher for the bit length.
Operation result
The secret key file with the name specified for -out is created.
(2) Creating a certificate signing request (CSR) for the test environment
Create a certificate signing request (CSR) required to create a self-signed server certificate.
Prerequisites
- To perform this task, the system administrator logs in as the built-in Administrator user to the machine on which JP1/DH - Server is installed, and then starts the command prompt.
- A secret key must be created beforehand.
Procedure
- Start the command prompt.
  Start the command prompt at the following location, in which the batch command for creating a certificate signing request (CSR) is stored:
  installation-folder\bin\
- Execute selfsignedcertreq.bat with necessary arguments specified.
  selfsignedcertreq.bat -key key-file-name -out CSR-file-name -subject "subject"
The following are details of the arguments:
- -key key-file-name
  Specify the name of the secret key file that was created beforehand.
- -out CSR-file-name
  Specify the name of the file to which the created certificate signing request (CSR) is output.
- -subject "subject"
  Specify a server certificate subject name.
  The following is the format of a server certificate subject name:
  "/C=two-letter-country-code(JP for Japan)/ST=state-or-province-name/L=city-or-area-name/O=organization-name/OU=organization-unit-name/CN=server-host-name-(FQDN)"
  The following is an example of how to specify a subject name:
  "/C=JP/ST=Tokyo/L=Shinagawa-ku/O=HitachiLtd./OU=SoftwareDevelopment/CN=jp1dhserver.foo1.foo2.co.jp"
  Important
  You can specify values with alphanumeric characters and the following symbols:
  A half-width space, period (.), hyphen (-), and half-width comma (,)
  You cannot use a forward slash (/).
Operation result
The certificate signing request (CSR) file with the name specified for -out is created.
(3) Creating a self-signed server certificate for the test environment
Create a self-signed server certificate.
Prerequisites
- To perform this task, the system administrator logs in as the built-in Administrator user to the machine on which JP1/DH - Server is installed, and then starts the command prompt.
- A secret key and a certificate signing request (CSR) must be created beforehand.
Procedure
- Start the command prompt.
  Start the command prompt at the following location, in which the batch command for creating a self-signed server certificate is stored:
  installation-folder\bin\
- Execute selfsigned.bat with necessary arguments specified.
  selfsigned.bat -in CSR-file-name -out certificate-file-name [-sign {MD5|SHA1|SHA224|SHA256|SHA384|SHA512}] -signkey key-file-name -days number-of-days-of-validity
The following are details of the arguments:
- -in CSR-file-name
  Specify the name of the certificate signing request (CSR) file that was created beforehand.
- -out certificate-file-name
  Specify the name of the file to which the created self-signed server certificate is output.
- [-sign {MD5|SHA1|SHA224|SHA256|SHA384|SHA512}]
  Specify the signature algorithm used for creating a self-signed server certificate. If you omit this operand, the underlined signature algorithm is used.
  - MD5: Use md5WithRSAEncryption.
  - SHA1: Use sha1WithRSAEncryption.
  - SHA224: Use sha224WithRSAEncryption.
  - SHA256: Use sha256WithRSAEncryption.
  - SHA384: Use sha384WithRSAEncryption.
  - SHA512: Use sha512WithRSAEncryption.
  Important
  The signature algorithms MD5 and SHA1 are increasingly unsafe. Therefore, specify a value other than these.
- -signkey key-file-name
  Specify the name of the secret key file that was created beforehand.
- -days number-of-days-of-validity
  Specify the validity period of the created self-signed server certificate, in units of days. Note that the command execution date and time are automatically set as the starting date and time of the validity period, and cannot be changed.
Operation result
The self-signed server certificate file is created with the name specified for -out.
Postrequisites
- If the self-signed server certificate is used to start JP1/DH - Server in the test environment, set the network configuration and install the self-signed server certificate in JP1/DH - Server.
- If you prepare to start JP1/DH - Server in the production environment, create a server certificate.
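The three commands in (1) to (3) can be checked and assembled before they are typed into the command prompt. The following Python helper is an added example, not part of JP1/DH - Server or its manual: it applies the subject-name character rules and refuses the key lengths and signature algorithms this subsection advises against. The function names, the file names, the 365-day validity, and the requirement that all six subject fields be present are assumptions of the example.

```python
import re

# Field order from the page's subject-name format; requiring all six is an assumption.
SUBJECT_ORDER = ("C", "ST", "L", "O", "OU", "CN")
# Characters the page allows in values: alphanumerics, space, period, hyphen, comma.
ALLOWED_VALUE = re.compile(r"[A-Za-z0-9 .,-]+")
ALL_BITS = {512, 1024, 2048, 4096}
ALL_SIGN = {"MD5", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512"}
WEAK_BITS = {512, 1024}        # accepted by selfsignedkeygen.bat, advised against
WEAK_SIGN = {"MD5", "SHA1"}    # accepted by selfsigned.bat, advised against


def build_subject(fields):
    """Return the double-quoted -subject value, or raise ValueError."""
    if tuple(fields) != SUBJECT_ORDER:
        raise ValueError(f"fields must be exactly {SUBJECT_ORDER}, in that order")
    for name, value in fields.items():
        if not ALLOWED_VALUE.fullmatch(value):
            raise ValueError(f"{name}={value!r} contains a character that is not allowed")
    if not re.fullmatch(r"[A-Za-z]{2}", fields["C"]):
        raise ValueError("C must be a two-letter country code")
    return '"' + "".join(f"/{k}={v}" for k, v in fields.items()) + '"'


def build_commands(fields, key, csr, cert, days, bits=2048, sign="SHA256"):
    """Return the three command lines in the order the page runs them."""
    if bits not in ALL_BITS - WEAK_BITS:
        raise ValueError(f"-bits {bits}: use 2048 or 4096")
    if sign not in ALL_SIGN - WEAK_SIGN:
        raise ValueError(f"-sign {sign}: use SHA224, SHA256, SHA384 or SHA512")
    if days < 1:
        raise ValueError("-days must be a positive number of days")
    if any(re.search(r"\s", name) for name in (key, csr, cert)):
        raise ValueError("file names with whitespace are not handled by this example")
    # -bits and -sign are always written out, so the result never depends on a default.
    return [
        f"selfsignedkeygen.bat -out {key} -bits {bits}",
        f"selfsignedcertreq.bat -key {key} -out {csr} -subject {build_subject(fields)}",
        f"selfsigned.bat -in {csr} -out {cert} -sign {sign} -signkey {key} -days {days}",
    ]


if __name__ == "__main__":
    # Subject values are the page's own example; file names and 365 days are constructed.
    example = {"C": "JP", "ST": "Tokyo", "L": "Shinagawa-ku", "O": "HitachiLtd.",
               "OU": "SoftwareDevelopment", "CN": "jp1dhserver.foo1.foo2.co.jp"}
    for line in build_commands(example, "test.key", "test.csr", "test.crt", days=365):
        print(line)
```

Run the printed lines from installation-folder\bin\ in the order shown, because each command consumes the file produced by the previous one.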