12.3.7 selfsigned.bat (creating a self-signed server certificate)
- Organization of this subsection
(1) Function
Creates a self-signed server certificate to be used for immediate use of JP1/DH - Server for the purposes such as testing and evaluation.
(2) Executor
A user with a built-in Administrator account or with Administrator permissions executes the command from the command prompt.#
- #
-
Do not execute a command directly. Use the command prompt to execute a command.
(3) Format
selfsigned.bat
-in CSR-file
-out certificate-file
[-sign {MD5|SHA1|SHA224|SHA256|SHA384|SHA512}]
-signkey key-file
-days number-of-days-of-validity
(4) Arguments
- Important
-
In the case of Linux, you cannot specify an argument containing single-byte spaces.
- -in CSR-file
-
Specify the CSR file created in 12.3.6 selfsignedcertreq.bat (creating a CSR (certificate signing request)).
- Important
-
You can use the CSR file created in 5.4.3 Creating a certificate file for SSL communication. In this case, specify the secret key created in 5.4.3 Creating a certificate file for SSL communication for the -signkey argument.
- -out certificate-file
-
Specify the name of the self-signed server certificate file to be created.
- [-sign {MD5|SHA1|SHA224|SHA256|SHA384|SHA512}]
-
Specify the signature algorithm used for creating a self-signed server certificate. If you omit this operand, the underlined signature algorithm is used.
-
MD5: Use md5WithRSAEncryption.
-
SHA1: Use sha1WithRSAEncryption.
-
SHA224: Use sha224WithRSAEncryption.
-
SHA256: Use sha256WithRSAEncryption.
-
SHA384: Use sha384WithRSAEncryption.
-
SHA512: Use sha512WithRSAEncryption.
If you omit this operand, the underlined signature algorithm is used.
- Important
-
The signature algorithms MD5 and SHA1 are becoming more dangerous with decreased safety. Therefore, specify a value other than them.
-
- -signkey key-file
-
Specify the secret key created in 12.3.5 selfsignedkeygen.bat (creating a secret key).
- Important
-
You can use the secret key created in 5.4.3 Creating a certificate file for SSL communication. In this case, specify the CSR file created in 5.4.3 Creating a certificate file for SSL communication for the -in argument.
- -days number-of-days-of-validity
-
Specify the period for which the created certificate is valid in units of days. Note that the command execution day is automatically set as the starting day of the valid period and you cannot change the starting day.
(5) Execution results
A self-signed server certificate is created in the following folder:
installation-folder\bin\
(6) Notes on using the command
Do not execute a command directly. Use the command prompt to execute a command.
If you have enabled UAC (User Account Control) in the operating system, use one of the following ways to execute a command:
-
Log in as a built-in Administrator user, start the command prompt, and then execute a command.
-
Log in as a user with Administrator permissions, start the command prompt by clicking Run as Administrator, and then execute a command.
-
Execute a command from a shortcut for the command prompt with the elevated privileges created at the time of JP1/DH - Server installation.#
- #
-
If you use a command prompt in this way in Windows Server 2012, Windows Server 2012 R2 or Windows Server 2016, you need to install Microsoft .NET Framework 3.5. For details about how to install Microsoft .NET Framework 3.5, see D. Installing .NET Framework 3.5.
Simultaneous executions of commands on the same machine are not supported.