MicroStrategy ONE
Self-Signed Certificates: Creating a Certificate Authority for Development
If you are creating demos or proofs-of-concept that require SSL, you can set up a server that can act as a Certificate Authority (CA) to sign the certificates for the MicroStrategy applications.
Use self-signed certificates only in demo or development environments. Self-signed certificates are not recommended in a production environment for the following reasons:
- If the CA server is compromised, an attacker can use it to sign certificates for malicious sites.
- By default, users' devices and browsers do not accept self-signed certificates, which may cause users to receive security warnings and disrupt their workflows.
You can set up a CA server using the OpenSSL utility. If you are using a UNIX or Linux machine, OpenSSL should be installed by default. If you are using a Windows machine, you can download the OpenSSL utility from http://www.openssl.org/.
To set up a CA, perform the following tasks:
- Create the directories and configuration files for the CA. See Creating the Directories and Configuration Files for Your CA.
- Create the server's private key and root certificate. See Creating the Private Key and Root Certificate for the CA.
- Add the root certificate as a trusted certificate on your network. See Adding Your Enterprise CA as a Trusted Certificate Authority.
- Configure OpenSSL to use the server's private key and certificate to sign certificate requests. See Configuring OpenSSL to Use your Private Key and Root Certificate.
- Generate an SSL Certificate Signing Request (CSR). See Generating an SSL Certificate Signing Request.
- Create certificates for the MicroStrategy applications. See Signing Certificate Requests Using Your CA.