MicroStrategy ONE
Signing Certificate Requests Using Your CA
Once you have configured OpenSSL to use your CA's private key and root certificate, you can sign certificate requests to create the SSL certificates for the MicroStrategy applications. The steps to create certificates follow.
This procedure assumes that you have completed the following steps:
- Create the files and directory structure for your CA, including a copy of the default OpenSSL configuration file, as described in Creating the Directories and Configuration Files for Your CA.
- Create a private key and root certificate for your CA, as described in Creating the Private Key and Root Certificate for the CA.
- Configure OpenSSL to use the private key and root certificate, as described in Configuring OpenSSL to Use your Private Key and Root Certificate.
- Create a certificate signing request (CSR file) for the applications that require SSL certificates, as described in Generating an SSL Certificate Signing Request. Copy the CSR file to the server that hosts your CA.
To Sign Certificate Requests Using Your CA
- Depending on your platform, do one of the following:
- Linux: Open a terminal window, and navigate to the location where OpenSSL is installed.
The default installation folder may depend on the distribution you are using. For example, for Red Hat Enterprise Linux, the default folder is
/etc/pki/tls
. - Windows: Open a command prompt window, and navigate to the location where OpenSSL is installed. By default, this is
C:\OpenSSL-Win32\bin
.
- Linux: Open a terminal window, and navigate to the location where OpenSSL is installed.
- Type the following command, and press Enter:
openssl ca -config devCApath/openssl.dev.cnf -policy policy_anything -out devCApath/certs/mstrapp.crt -infiles CSRpath/mstrapp.csr
Where:
devCApath
: The root directory for your CA, which is created as part of the procedure described in Creating the Directories and Configuration Files for Your CA. For example,/etc/pki/tls/devCA
.openssl.dev.cnf
: The OpenSSL configuration file for your CA, configured to use your CA's private key and root certificate, as described in Configuring OpenSSL to Use your Private Key and Root Certificate.mstrapp.crt
: The filename for the certificate to be generated for the MicroStrategy application.CSRpath
: The folder where the certificate signing request is stored.mstrapp.csr
: The certificate signing request for the MicroStrategy application.
The certificate is generated, and is stored in the
certs
folder. - Copy the generated certificate to the machine where the MicroStrategy application is hosted.
- Repeat this procedure for all MicroStrategy applications that require SSL certificates.