Generate a self-signed root CA certificate

Perform this procedure while logged in to the deployer VM.

Use the following command to generate a self-signed root CA certificate and private key. The system generates a new self-signed root CA key and stores it the /root/userdata/certificates directory. This certificate can then be used with the other procedures as needed.

fss-certificate.sh create-certs --country <country> --province <province> --location <location> --org <organization> --org-unit <organizational unit> --days <num of days> --input-file <path>
where:

--country <country> is the two-letter of the country for the certificate subject

--province <province> is the province or state (in full) for the certificate subject

--location <location> is the location name (typically city) for the certificate subject

--org <organization> is the organization or company name for the certificate subject

--org-unit <organizational unit> is the organizational unit or team for the certificate subject

--days <num of days> is the number of days the certificate is valid

--input-file <path> is the name of the input JSON configuration file

  1. Create a new root CA. 
    # fss-certificate.sh create-certs --country US --province CA --location Sunnyvale --org Nokia --org-unit ION --days 3650 --input-file input.json
  2. Verify the generated certificate.
    Use the following command:
    openssl x509 -noout -text -in /root/userdata/certificates/fss-issuer.crt