1.5.6 hcmds64ssltool (creating a private key and self-signed certificate)
Description
This command creates the private key, CSR, self-signed certificate, and self-signed certificate content file that are required for SSL connections. The created files are used for the following purposes:
- The CSR is submitted to a CA to obtain the SSL server certificate. You can build an SSL connection environment by combining the obtained SSL server certificate with the private key.
- You can build an SSL connection environment by combining the self-signed certificate and the private key. However, we recommend that you use this environment only for test purposes because the security level is low.
- You can check the information registered in the self-signed certificate by viewing the self-signed certificate content file.
Syntax
hcmds64ssltool [/key private-key-file-name] [/csr CSR-file-name] [/cert self-signed-certificate-file-name] [/certtext self-signed-certificate-content-file-name] [/validity self-signed-certificate-expiry-date /dname identification-name-(DN) /sigalg signing-algorithm]
Arguments
- /key private-key-file-name
  This option specifies the absolute path of the folder that stores the private key. The absolute path must include the file name of the private key. If you omit this option, the files httpsdkey.pem and ecc-httpsdkey.pem are output to the default output path.
- /csr CSR-file-name
  This option specifies the absolute path of the folder that stores the CSR. The absolute path must include the file name of the CSR. If you omit this option, the files httpsd.csr and ecc-httpsd.csr are output to the default output path.
- /cert self-signed-certificate-file-name
  This option specifies the absolute path of the folder that stores the self-signed certificate. The absolute path must include the file name of the self-signed certificate. If you omit this option, the files httpsd.pem and ecc-httpsd.pem are output to the default output path.
- /certtext self-signed-certificate-content-file-name
  This option causes the command to output the content of the self-signed certificate in text format. Specify the absolute path of the folder that stores the file. The absolute path must include the name of the text file. If you omit this option, the files httpsd.txt and ecc-httpsd.txt are output to the default output path.
- /validity self-signed-certificate-expiry-date
  This option specifies the validity period of the self-signed certificate as a number of days. If this option is omitted, the validity period is 3,650 days. The maximum specifiable value is the number of days until December 31, 9999.
- /dname identification-name-(DN)
  This option specifies the identification name (DN) written in the SSL server certificate, in the attribute-type=attribute-value format. You can specify multiple attribute types by separating them with commas (,). The attribute-type is case insensitive. The attribute-value cannot include a double quotation mark (") or backslash (\).
  Follow RFC 2253 for character escapes.
  Escape the following characters with a backslash (\):
  - + , ; < = >
  - A space at the beginning of the character string
  - A space at the end of the character string
  - A hash mark (#) at the beginning of the character string
  If you omit this option, you enter the attribute values interactively, in response to the prompts displayed when you execute the command.
  The following table describes the attribute types that can be specified in this option.
Table 1‒4: List of attribute types that can be specified in the identification name (DN)
Attribute type | Description of the attribute type | Prompt displayed for response input | Attribute value |
---|---|---|---|
CN | Common Name | Server Name | Identification name of the JP1/AO server such as a host name, IP address, and domain name# |
OU | Organizational Unit Name | Organizational Unit | Organization name of a small unit such as a department or division name |
O | Organization Name | Organization Name | Organization name of the company or organization# |
L | Locality Name | City or Locality | Name of the city or locality (town name in Japan) |
ST | State or Province Name | State or Province | Name of the state or province (prefecture in Japan) |
C | Country Name | two-character country-code | Country code (JP in Japan) |
#: This item is required when you use a response input.
The following shows an example of a response input.
    Enter Server Name [default=MyHostname]:example.com
    Enter Organizational Unit:Device Manager Administration
    Enter Organization Name [default=MyHostname]:HITACHI
    Enter your City or Locality:Sanfrancisco
    Enter your State or Province:California
    Enter your two-character country-code:JP
    Is CN=example.com,OU=Device Manager Administration,O=HITACHI,L=Sanfrancisco,ST=California,C=JP correct? (y/n) [default=n]:y
If you made a mistake when inputting a value, enter n at the confirmation to perform the response input again.
- /sigalg signing-algorithm
  Select one of the signing algorithms below. If this option is omitted, SHA256withRSA is assumed.
  - SHA1withRSA
  - SHA256withRSA
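The following Python code is an added example, not part of the product documentation: it applies the /dname escaping rules described above and assembles an argument list that also sets /validity and /sigalg. The function names and sample values are this example's own, and it assumes the ban on double quotation marks and backslashes applies to the raw value before escaping.

```python
# Added example: build a /dname value and argument list per the rules above.
ATTR_ORDER = ("CN", "OU", "O", "L", "ST", "C")   # attribute types in Table 1-4
SIGALGS = ("SHA1withRSA", "SHA256withRSA")       # values listed under /sigalg
MUST_ESCAPE = set("+,;<=>")                      # characters to prefix with a backslash


def escape_value(raw):
    """Escape one raw attribute value for use in /dname."""
    if not raw:
        raise ValueError("attribute value is empty")
    if '"' in raw or "\\" in raw:
        # Assumption: the restriction applies to the unescaped input value.
        raise ValueError('attribute value cannot include " or \\')
    out, last = [], len(raw) - 1
    for i, ch in enumerate(raw):
        edge_space = ch == " " and i in (0, last)   # leading or trailing space
        leading_hash = ch == "#" and i == 0
        if ch in MUST_ESCAPE or edge_space or leading_hash:
            out.append("\\")
        out.append(ch)
    return "".join(out)


def build_dn(attrs):
    """Return attribute-type=attribute-value pairs joined by commas."""
    given = {k.upper(): v for k, v in attrs.items()}  # attribute-type is case insensitive
    if not given:
        raise ValueError("at least one attribute is required")
    unknown = sorted(set(given) - set(ATTR_ORDER))
    if unknown:
        raise ValueError(f"attribute type not in Table 1-4: {unknown}")
    return ",".join(f"{t}={escape_value(given[t])}" for t in ATTR_ORDER if t in given)


def build_args(attrs, validity_days=3650, sigalg="SHA256withRSA"):
    """Assemble the argument list; file options are omitted so defaults apply."""
    if sigalg not in SIGALGS:
        raise ValueError(f"unsupported signing algorithm: {sigalg}")
    if not isinstance(validity_days, int) or validity_days < 1:
        raise ValueError("validity must be a positive number of days")
    return ["hcmds64ssltool", "/validity", str(validity_days),
            "/dname", build_dn(attrs), "/sigalg", sigalg]


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    sample = {"cn": "example.com", "OU": "#1 Ops", "o": "Example, Inc.", "C": "JP"}
    print(build_args(sample, validity_days=365))
```

Passing the returned list to the process-creation call directly, rather than through a shell, keeps the backslashes in the DN from being reinterpreted.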
Located in
- In Windows:
  Common-Component-installation-folder\bin
- In Linux:
  /opt/HiCommand/Base64/bin
Execute permission
Execute the command as a user with Administrator or root permissions.
Remarks
- If attribute type CN of the SSL server certificate does not match the host name, IP address, or domain name specified as the connection target from the web browser to the JP1/AO server, a server name mismatch warning or error occurs.
- If you execute this command with the key, csr, cert, or certtext option omitted, the files are output to the following location:
  - In Windows:
    Common-Component-installation-folder\uCPSB11\httpsd\conf\ssl\server
  - In Linux:
    Common-Component-installation-directory/uCPSB11/httpsd/conf/ssl/server
Return code
The following table lists the return codes from the command.
Return code | Description |
---|---|
0 | The command succeeded. |
1 | The argument is invalid. |
250 | Deleting the key store failed. |
251 | Creating the private key failed. |
252 | Creating the self-signed certificate failed. |
253 | Creating the CSR failed. |
254 | Creating the self-signed certificate content file failed. |
255 | The command terminated abnormally. |