Signing Certificate Requests Using Your CA

Once you have configured OpenSSL to use your CA's private key and root certificate, you can sign certificate requests to create the SSL certificates for the MicroStrategy applications. The steps to create certificates follow.

To Sign Certificate Requests Using Your CA

1. Depending on your platform, do one of the following:
   • Linux: Open a terminal window, and navigate to the location where OpenSSL is installed.

     The default installation folder may depend on the distribution you are using. For example, for Red Hat Enterprise Linux, the default folder is /etc/pki/tls.

   • Windows: Open a command prompt window, and navigate to the location where OpenSSL is installed. By default, this is C:\OpenSSL-Win32\bin.
2. Type the following command, and press Enter:

   openssl ca -config devCApath/openssl.dev.cnf -policy policy_anything -out devCApath/certs/mstrapp.crt -infiles CSRpath/mstrapp.csr

   Where:

   • devCApath: The root directory for your CA, which is created as part of the procedure described in Creating the Directories and Configuration Files for Your CA. For example, /etc/pki/tls/devCA.
   • openssl.dev.cnf: The OpenSSL configuration file for your CA, configured to use your CA's private key and root certificate, as described in Configuring OpenSSL to Use your Private Key and Root Certificate.
   • mstrapp.crt: The filename for the certificate to be generated for the MicroStrategy application.
   • CSRpath: The folder where the certificate signing request is stored.
   • mstrapp.csr: The certificate signing request for the MicroStrategy application.

   The certificate is generated, and is stored in the certs folder.

3. Copy the generated certificate to the machine where the MicroStrategy application is hosted.
4. Repeat this procedure for all MicroStrategy applications that require SSL certificates.