Self-Signed Certificate Generation
Self-signed certificates are not recommended for production environments; use a certificate from a trusted certificate issuer there instead. This section outlines a practical way to generate a self-signed certificate for test and demo purposes.
The NOM Server contains a utility to generate a self-signed certificate suitable for your environment.
To invoke the utility and get help on usage, navigate to the NOM Server folder and execute the following command:
$> java -jar ./lib/server.jar ssc --help
utility to generate self signed certificate for TEST purposes only

sample usage:
to generate a self signed certificate for 'localhost', which could either be
accessed through DNS names of 'localhost.localdomain' or 'my.custom.domain',
or with IP addresses of '127.0.0.1' or '192.168.100.5';

$> java -jar ./lib/server.jar ssc -n localhost -o /tmp -p changeit \
     -d localhost.localdomain,my.custom.domain \
     -i 127.0.0.1,192.168.100.5

it creates /tmp/localhost.cer and /tmp/localhost.pfx files upon completion.

options (required options marked with *):
  -d, --dns=<dns>[,<dns>...]    list of dns names to use to access the server,
                                eg. --dns=localhost.localdomain,test.local.domain
  -i, --ip=<ip>[,<ip>...]       list of IP addresses to use to access the server,
                                eg. --ip=127.0.0.1,192.168.100.55
* -n, --name=<name>             common name to use in generated certificate,
                                eg. --name=localhost
* -o, --output=<output>         target directory, eg. --output=.
* -p, --password=<password>     password for generated PKCS12 file
  -h, --help                    help
If you are generating a certificate for running the server on
localhost is the primary name set as Subject Name field on the certificate and is also used as the name of generated files.
For the certificate to be identified as valid, it also needs to include alternative names used to access the server.
Assume there are also a number of virtual machines that access the server through IP addresses
Furthermore, a local DNS alias nom.example.com is set up for
To generate a self-signed certificate for the above example, execute the following command:
java -jar ./lib/server.jar ssc -n localhost \
  -o ./certificates \
  -p changeit \
  -d nom.example.com \
  -i 192.168.10.1,172.16.10.1
It generates a key pair and a self-signed certificate and creates
localhost.pfx files inside
localhost.pfx is assigned the password changeit, which is provided to the command as an argument.
You can then use these two files to configure the server and agents for TLS encrypted communication.
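The alternative-name requirement described above can be checked before running the utility. The following is an added example, not part of the NOM Server or its documentation: it takes the names and addresses clients will connect to and reports which ones the `-d` and `-i` values would leave uncovered. It assumes each `-d` value becomes a DNS alternative name and each `-i` value an IP alternative name; the `-n` value is left out because the page does not say how it is treated. The function name and the endpoint list are constructed for illustration.

```python
import ipaddress


def _as_ip(value):
    """Return an ip_address object if value is an IP literal, else None."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def uncovered_endpoints(endpoints, dns_arg="", ip_arg=""):
    """Return the endpoints that the alternative names from -d/-i would not cover.

    Assumption (not stated by the page): each -d value becomes a dNSName
    entry and each -i value an iPAddress entry in subjectAltName.
    """
    san_dns = {d.strip().rstrip(".").lower() for d in dns_arg.split(",") if d.strip()}
    # Values in ip_arg that are not valid IP literals are ignored.
    san_ips = {ip for ip in map(_as_ip, ip_arg.split(",")) if ip is not None}
    missing = []
    for endpoint in endpoints:
        ip = _as_ip(endpoint)
        if ip is not None:
            # TLS clients match IP literals only against iPAddress entries,
            # so an address listed under -d does not cover access by IP.
            covered = ip in san_ips
        else:
            # DNS names compare case-insensitively; a trailing dot is ignored.
            covered = endpoint.strip().rstrip(".").lower() in san_dns
        if not covered:
            missing.append(endpoint)
    return missing


if __name__ == "__main__":
    # -d/-i values come from the page's example command;
    # the endpoint list is constructed for this example.
    endpoints = ["nom.example.com", "NOM.example.com.", "192.168.10.1",
                 "172.16.10.1", "172.16.10.2", "nom"]
    print(uncovered_endpoints(endpoints, dns_arg="nom.example.com",
                              ip_arg="192.168.10.1,172.16.10.1"))
```

Any endpoint it returns would fail hostname verification on clients that reach the server by that name or address, so add it to `-d` or `-i` before generating the certificate.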