CreateSSLCertificate
The Oracle Communications Unified Assurance SSL Certificate and Key Creation application runs OpenSSL commands to create keys and certificates. The generated files are located in the $A1BASEDIR/etc/ssl directory.
You run this application from the command line.
The tree of trust is:
- Assure1CA (Unified Assurance Global CA)
  - Web
  - SiteCA (Unified Assurance Site CA)
    - Host
    - User-api
    - User-assure1
    - User-repl
    - User-root
If you provide the --Type option and specify SiteCA, the application creates a new certificate authority that is specific to the site and automatically creates the Host and User-* certificates. It also creates a BundleCA.crt file, which contains both the Assure1CA and SiteCA certificates. This bundle is used in application configurations.
CreateSSLCertificate Usage Examples
To create a SiteCA certificate and dependencies:
./CreateSSLCertificate --Type SiteCA
To create a Web certificate, with separate host FQDNs:
./CreateSSLCertificate --Type Web --CN host1.example.com --AltCN host1-pres1.example.com --AltCN host1-pres2.example.com
Note:
When creating web certificates in a redundant setup, you must specify --AltCN for the host FQDNs of both presentation servers. This allows both servers to share a single certificate and permits connections to individual servers for troubleshooting.
By default, CreateSSLCertificate will not run if the requested certificate already exists. Use the --Force option to override this behavior by revoking the old certificate and creating a new one with the same name.
To have a certificate signed by a third-party CA, you can use the Web.csr file for the certificate signing request.
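The following added example (not part of the Oracle documentation or product) shows two post-issuance checks with OpenSSL: that a Host certificate verifies only against a bundle holding both CAs, and that a Web certificate matches both presentation server FQDNs. It builds a constructed throwaway PKI; apart from BundleCA.crt, all file names, function names and CA subject names are assumptions.

```shell
#!/bin/sh
# Added example, not Oracle code. Only BundleCA.crt is a file name from the
# page; every other name and the demo PKI itself are constructed assumptions.

# chain_ok CAFILE CERT: succeeds when CERT verifies against the CAs in CAFILE.
chain_ok() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# san_covers CERT FQDN...: succeeds only if every FQDN matches the certificate.
san_covers() {
    cert=$1; shift
    for fqdn in "$@"; do
        openssl x509 -in "$cert" -noout -checkhost "$fqdn" 2>/dev/null |
            grep -q 'does match certificate' || return 1
    done
}

# issue NAME EXTENSION [ISSUER]: demo-only signer; self-signed without ISSUER.
issue() {
    name=$1 ext=$2 issuer=${3:-}
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$name" \
        -keyout "$name.key" -out "$name.csr" 2>/dev/null || return 1
    if [ -n "$issuer" ]; then
        signer="-CA $issuer.crt -CAkey $issuer.key -CAcreateserial"
    else
        signer="-signkey $name.key"
    fi
    printf '%s\n' "$ext" > "$name.ext"
    # $signer is left unquoted on purpose so it splits into separate options.
    openssl x509 -req -in "$name.csr" $signer -days 1 \
        -extfile "$name.ext" -out "$name.crt" 2>/dev/null
}

# make_demo_pki DIR: throwaway tree shaped like the page's (global CA -> Web,
# SiteCA -> Host) plus a BundleCA.crt holding both CA certificates.
make_demo_pki() (
    cd "$1" || exit 1
    ca='basicConstraints=critical,CA:TRUE'
    web='subjectAltName=DNS:host1-pres1.example.com,DNS:host1-pres2.example.com'
    issue GlobalCA "$ca" && issue SiteCA "$ca" GlobalCA &&
        issue Web "$web" GlobalCA &&
        issue Host 'subjectAltName=DNS:host1.example.com' SiteCA &&
        cat GlobalCA.crt SiteCA.crt > BundleCA.crt
)
```

To check real files, point chain_ok and san_covers at the bundle and certificates under $A1BASEDIR/etc/ssl.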
Administration Details
The following list shows the technical details you will need for advanced administration of the application:
- Package: assure1-app
- Synopsis:
    ./CreateSSLCertificate [OPTIONS]
- Options:
    -t, --Type OPT      Type option {Host, SiteCA, User, Web}
    -c, --CN TEXT       Common name FQDN
    -a, --AltCN TEXT    Alternative common name for subjectAltName (specify separate HostFQDN from WebFQDN)
    -f, --Force         Force overwriting existing certificates
    -s, --Silent        Enable silent mode
    -?, -h, --Help      Print usage and exit