Hitachi

JP1 Version 12 Job Management: Getting Started (High-speed Transfer of Huge Files)

1.5.1 Creating a server certificate for the test environment

During the test operation period, create the certificate to be used instead of the server certificate. This certificate is called a self-signed server certificate. A secret key and a certificate signing request (CSR) are required to create a self-signed server certificate.

Organization of this subsection

(1) Creating a secret key for the test environment

Create a secret key required to create a self-signed server certificate.

Prerequisites

To perform this task, the system administrator logs in as the built-in Administrator user to the machine on which JP1/DH - Server is installed, and then starts the command prompt.

Procedure

  1. Start the command prompt.

    Start the command prompt at the following location, in which the batch command for creating a secret key is stored:

    installation-folder\bin\

  2. Execute selfsignedkeygen.bat with necessary arguments specified. 

    selfsignedkeygen.bat
  -out secret-key-file-name
  [-bits {512|1024|2048|4096}]

    The following are details of the arguments:

    -out secret-key-file-name

    Specify the name of the file to which the created secret key is output.

    [-bits {512|1024|2048|4096}]

    Specify the bit length of the secret key to be created.

    If you omit this argument, 2048 is used.

    Keys with a bit length of 1024 or lower are becoming more dangerous with decreased safety. Therefore, specify 2048 or higher for the bit length.

Operation result

The secret key file with the name specified for -out is created.

To Page Top

(2) Creating a certificate signing request (CSR) for the test environment

Create a certificate signing request (CSR) required to create a self-signed server certificate.

Prerequisites

Procedure

  1. Start the command prompt.

    Start the command prompt at the following location, in which the batch command for creating a certificate signing request (CSR) is stored:

    installation-folder\bin\

  2. Execute selfsignedcertreq.bat with necessary arguments specified. 

    selfsignedcertreq.bat
  -key key-file-name
  -out CSR-file-name
  -subject "subject"

    The following are details of the arguments:

    -key key-file-name

    Specify the name of the secret key file that was created beforehand.

    -out CSR-file-name

    Specify the name of the file to which the created certificate signing request (CSR) is output.

    -subject "subject"

    Specify a server certificate subject name.

    The following is the format of a server certificate subject name:

    "/C=two-letter-country-code(JP for Japan)/ST=state-or-province-name/L=city-or-area-name/O=organization-name/OU=organization-unit-name/CN=server-host-name-(FQDN)"

    The following is an example of how to specify a subject name:

    "/C=JP/ST=Tokyo/L=Shinagawa-ku/O=HitachiLtd./OU=SoftwareDevelopment/CN=jp1dhserver.foo1.foo2.co.jp"
Important

You can specify values with alphanumeric characters and the following symbols:

A half space, period (.), hyphen (-), and a half comma (,)

You cannot use a forward slash (/).

Operation result

The certificate signing request (CSR) file with the name specified for -out is created.

To Page Top

(3) Creating a self-signed server certificate for the test environment

Create a self-signed server certificate.

Prerequisites

Procedure

  1. Start the command prompt.

    Start the command prompt at the following location, in which the batch command for creating a self-signed server certificate is stored:

    installation-folder\bin\

  2. Execute selfsigned.bat with necessary arguments specified. 

    selfsigned.bat
  -in CSR-file-name
  -out certificate-file-name
  [-sign {MD5|SHA1|SHA224|SHA256|SHA384|SHA512}]
  -signkey key-file-name
  -days number-of-days-of-validity

    The following are details of the arguments:

    -in CSR-file-name

    Specify the name of the certificate signing request (CSR) file that was created beforehand.

    -out certificate-file-name

    Specify the name of the file to which the created self-signed server certificate is output.

    [-sign {MD5|SHA1|SHA224|SHA256|SHA384|SHA512}]

    Specify the signature algorithm used for creating a self-signed server certificate. If you omit this operand, the underlined signature algorithm is used.

    - MD5: Use md5WithRSAEncryption.

    - SHA1: Use sha1WithRSAEncryption.

    - SHA224: Use sha224WithRSAEncryption.

    - SHA256: Use sha256WithRSAEncryption.

    - SHA384: Use sha384WithRSAEncryption.

    - SHA512: Use sha512WithRSAEncryption.

    If you omit this operand, the underlined signature algorithm is used.

    Important

    The signature algorithms MD5 and SHA1 are becoming more dangerous with decreased safety. Therefore, specify a value other than them.

    -signkey key-file-name

    Specify the name of the secret key file that was created beforehand.

    -days number-of-days-of-validity

    Specify the validity period of the created self-signed server certificate, in units of days. Note that the command execution date and time are automatically set as the starting date and time of the validity period, and cannot be changed.

Operation result

The self-signed server certificate file is created with the name specified for -out.

Postrequisites

Related topics

To Page Top

All Rights Reserved. Copyright (C) 2019, Hitachi, Ltd.

All Rights Reserved. Copyright (C) 2019, Hitachi Solutions, Ltd.