MicroStrategy ONE

Create a Certificate Signing Request in JDBC

You enable private communication between the MicroStrategy Identity Server and MicroStrategy Identity components running locally on your system by configuring them to use SSL (secure sockets layer) encryption while communicating with each other. To do this, you must obtain an SSL certificate signed by MicroStrategy Identity. You generate the signed certificate by submitting a certificate signing request (CSR) through MicroStrategy Identity Manager to be signed by MicroStrategy Identity.

Use a third-party tool to create a certificate signing request (CSR) that meets the following requirements:

  • RSA key size of at least 3072 bits
  • Hash algorithm of SHA-256 or higher
  • The CSR uses the following values:

    • Organization Name: Usher
    • Organizational Unit Name: Agent

You can create a certificate signing request (CSR) using the OpenSSL® utility. If you have installed MicroStrategy Identity on Windows, the OpenSSL utility is included. Alternatively, you can download the OpenSSL utility from https://www.openssl.org/community/binaries.html. On Linux, an openssl utility is included with many distributions.

The steps below contain only the information required to configure or use OpenSSL with MicroStrategy Identity. See the OpenSSL documentation for the latest information.

To Create a CSR Using OpenSSL

  1. Depending on your platform, do one of the following:
    • Windows: Open a command prompt window as administrator, and navigate to the location where OpenSSL is installed.
      • If you use the utility installed with MicroStrategy Identity, the default is C:\Program Files (x86)\Common Files\MicroStrategy\OpenSSL\openssl-1.0.2e\.
      • If you installed the utility manually, the default is C:\OpenSSL- Win32\bin.
    • Linux: Open a terminal window.

  2. To create a private key and certificate signing request (CSR), enter the following command:

    openssl req -new -newkey rsa:rsaKeySize -shaHashAlgorithm -nodes -subj '/O=Usher/OU=Agent' -keyout KeyName.key -out CSRName.csr

    where:

    • rsa:rsaKeySize = the RSA key size. For example, enter rsa:3072 to create an RSA key size of 3072 bits.
    • -shaHashAlgorithm = the hash algorithm. For example, enter -sha256 to use the SHA-256 hash algorithm.
    • KeyName.key = the name that you want to give the private key file. By default, the private key file is created in the current location. To create the file in a different location, include the location path in the KeyName.key parameter.

    • CSRName.csr = the name that you want to give the CSR file. By default, the CSR file is created in the current location. To create the file in a different location, include the location path in the CSRName.csr parameter.

      For example: openssl req -new -newkey rsa:3072 -sha256 -nodes -subj '/O=Usher/OU=Agent' -keyout UsherApp.key -out UsherApp.csr

      A CSR (.csr) file and a private key (.key) file are created. Save these files in a location that is accessible by the machine that you install the MicroStrategy Identity Agent on. You will use these files to configure MicroStrategy Identity components.

Next, Install and Configure the Identity Agent for JDBC.