Creating a Key Store with CA-Signed Certificate
Required Files
Before proceeding, ensure that you have the following three PEM files:
- Certificate Authority (CA) PEM file
- Signed PEM certificate
- Private key PEM file
The following example uses ssl-cert-keyhsm-ca.pem, ssl-cert-keyhsm.pem, and ssl-cert-keyhsm-pk.pem, respectively, to represent these files.
Create the Key Store
The following command accepts the ssl-cert-keyhsm.pem and ssl-cert-keyhsm-pk.pem files and converts them to a .p12 file:
$ openssl pkcs12 -export -in ssl-cert-keyhsm.pem -inkey ssl-cert-keyhsm-pk.pem -out mycert.p12 -name alias -CAfile ssl-cert-keyhsm-ca.pem -caname root -chain
Important: The certificate CN must match the fully qualified domain name (FQDN) of the
Key Trustee Server.
Page generated July 8, 2016.
<< Validating Key HSM Settings | ©2016 Cloudera, Inc. All rights reserved | Managing the Navigator Key HSM Service >> |
Terms and Conditions Privacy Policy |