Hitachi

JP1 Version 12 JP1/Automatic Operation Command and API Reference 


1.5.6 hcmds64ssltool (creating a private key and self-signed certificate)

Description

This command creates the private key, CSR, self-signed certificate, and self-signed certificate content file that are required for SSL connections. The created files are used for the following purposes:

Syntax

hcmds64ssltool
     [/key private-key-file-name]
     [/csr CSR-file-name]
     [/cert self-signed-certificate-file-name]
     [/certtext self-signed-certificate-content-file-name]
     [/validity self-signed-certificate-expiry-date]
     [/dname identification-name-(DN)]
     [/sigalg signing-algorithm]

Arguments

/key private-key-file-name

This option specifies the absolute path, including the file name, of the file to which the private key is output. If you omit this option, the files httpsdkey.pem and ecc-httpsdkey.pem are output to the default output path.

/csr CSR-file-name

This option specifies the absolute path, including the file name, of the file to which the CSR is output. If you omit this option, the files httpsd.csr and ecc-httpsd.csr are output to the default output path.

/cert self-signed-certificate-file-name

This option specifies the absolute path, including the file name, of the file to which the self-signed certificate is output. If you omit this option, the files httpsd.pem and ecc-httpsd.pem are output to the default output path.

/certtext self-signed-certificate-content-file-name

This option causes the command to output the content of the self-signed certificate in text format. Specify the absolute path, including the file name, of the text file to which the content is output. If you omit this option, the files httpsd.txt and ecc-httpsd.txt are output to the default output path.

/validity self-signed-certificate-expiry-date

This option specifies the validity period of the self-signed certificate as a number of days. If this option is omitted, the validity period is 3,650 days. The maximum specifiable value is the number of days until December 31, 9999.

/dname identification-name-(DN)

This option specifies the identification name (DN) written in the SSL server certificate, in the format attribute-type=attribute-value. To specify multiple attribute types, separate them with commas (,). The attribute-type is case insensitive. The attribute-value cannot include a double quotation mark (") or backslash (\).

Follow RFC 2253 for character escapes.

Escape the following characters with a backslash (\):

  • + , ; < = >

  • A space at the beginning of the character string

  • A space at the end of the character string

  • A hash mark (#) at the beginning of the character string

If you omit this option, the command prompts you to enter the attribute values interactively (response input) when you execute it.

The following table describes attribute types that can be specified in this option.

Table 1‒4: List of attribute types that can be specified in the identification name (DN)

| Attribute type | Description of the attribute type | Prompt displayed for response input | Attribute value |
|---|---|---|---|
| CN | Common Name | Server Name | Identification name of the JP1/AO server such as a host name, IP address, and domain name# |
| OU | Organizational Unit Name | Organizational Unit | Organization name of a small unit such as a department or division name |
| O | Organization Name | Organization Name | Organization name of the company or organization# |
| L | Locality Name | City or Locality | Name of the city or locality (town name in Japan) |
| ST | State or Province Name | State or Province | Name of the state or province (prefecture in Japan) |
| C | Country Name | two-character country-code | Country code (JP in Japan) |

#: This item is required when you use a response input.

The following shows an example of a response input.

Enter Server Name [default=MyHostname]:example.com
Enter Organizational Unit:Device Manager Administration
Enter Organization Name [default=MyHostname]:HITACHI
Enter your City or Locality:Sanfrancisco
Enter your State or Province:California
Enter your two-character country-code:JP
Is CN=example.com,OU=Device Manager Administration,O=HITACHI,L=Sanfrancisco,ST=California,C=JP correct? (y/n) [default=n]:y

If you made a mistake when inputting a value, enter n at the confirmation to perform the response input again.

/sigalg signing-algorithm

Select one of the signing algorithms below. If this option is omitted, SHA256withRSA is assumed.

  • SHA1withRSA

  • SHA256withRSA
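
The following Python helper is an added example, not part of the Hitachi reference or product code. It builds a /dname value from raw attribute values using the escaping rules above and assembles the /validity, /dname and /sigalg arguments as a list, so that no shell quoting is involved. The function names are hypothetical, and refusing SHA1withRSA unless explicitly allowed is a local policy assumed for the example (SHA-1 signatures are deprecated), not a restriction of the tool.

```python
from datetime import date

ALLOWED_TYPES = ("CN", "OU", "O", "L", "ST", "C")  # attribute types in Table 1-4
ESCAPED = set("+,;<=>")                            # always backslash-escaped


def escape_dn_value(value):
    """Escape one raw attribute value using the rules listed under /dname."""
    if '"' in value or "\\" in value:
        raise ValueError('attribute value cannot include " or \\')
    last = len(value) - 1
    out = []
    for i, ch in enumerate(value):
        edge_space = ch == " " and i in (0, last)
        if ch in ESCAPED or edge_space or (ch == "#" and i == 0):
            out.append("\\")
        out.append(ch)
    return "".join(out)


def build_dname(attrs):
    """attrs: ordered (attribute-type, raw-value) pairs -> /dname string."""
    parts = []
    for atype, value in attrs:
        atype = atype.upper()  # the attribute type is case insensitive
        if atype not in ALLOWED_TYPES:
            raise ValueError("unsupported attribute type: " + atype)
        parts.append(atype + "=" + escape_dn_value(value))
    return ",".join(parts)


def build_args(attrs, validity_days=3650, sigalg="SHA256withRSA",
               allow_sha1=False, today=None):
    """Return an argv list for hcmds64ssltool (no shell quoting involved)."""
    max_days = (date(9999, 12, 31) - (today or date.today())).days
    if not 1 <= validity_days <= max_days:  # lower bound of 1 is an assumption
        raise ValueError("validity out of range")
    if sigalg not in ("SHA1withRSA", "SHA256withRSA"):
        raise ValueError("unknown signing algorithm: " + sigalg)
    if sigalg == "SHA1withRSA" and not allow_sha1:
        # Local policy assumed for this example, not a restriction of the tool.
        raise ValueError("SHA1withRSA refused by local policy")
    return ["hcmds64ssltool", "/validity", str(validity_days),
            "/dname", build_dname(attrs), "/sigalg", sigalg]
```
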

Located in

In Windows:

Common-Component-installation-folder\bin

In Linux:

/opt/HiCommand/Base64/bin

Execute permission

Execute the command as a user with Administrator or root permissions.

Remarks

Return code

The following table lists the return codes from the command.

| Return code | Description |
|---|---|
| 0 | The command succeeded. |
| 1 | The argument is invalid. |
| 250 | Deleting the key store failed. |
| 251 | Creating the private key failed. |
| 252 | Creating the self-signed certificate failed. |
| 253 | Creating the CSR failed. |
| 254 | Creating the self-signed certificate content file failed. |
| 255 | The command terminated abnormally. |