Self-Signed Certificates: Creating a Certificate Authority for Development

If you are creating demos or proofs-of-concept that require SSL, you can set up a server that can act as a Certificate Authority (CA) to sign the certificates for the MicroStrategy applications.

Use self-signed certificates only in demo or development environments. Self-signed certificates are not recommended in a production environment for the following reasons:

If the CA server is compromised, an attacker can use it to sign certificates for malicious sites.
By default, users' devices and browsers do not accept self-signed certificates, which may cause users to receive security warnings and disrupt their workflows.

You can set up a CA server using the OpenSSL utility. If you are using a UNIX or Linux machine, OpenSSL should be installed by default. If you are using a Windows machine, you can download the OpenSSL utility from http://www.openssl.org/.

To set up a CA, perform the following tasks:

Create the directories and configuration files for the CA. See Creating the Directories and Configuration Files for Your CA.
Create the server's private key and root certificate. See Creating the Private Key and Root Certificate for the CA.
Add the root certificate as a trusted certificate on your network. See Adding Your Enterprise CA as a Trusted Certificate Authority.
Configure OpenSSL to use the server's private key and certificate to sign certificate requests. See Configuring OpenSSL to Use your Private Key and Root Certificate.
Generate an SSL Certificate Signing Request (CSR). See Generating an SSL Certificate Signing Request.
Create certificates for the MicroStrategy applications. See Signing Certificate Requests Using Your CA.