The Basic Host Identity (BHI) certificate does not have any rights to the Client Automation management database and no associated security profile in the default installation. Thus, choosing a new DN for the certificate does not involve any additional effort to amend Client Automation security profiles and permissions.
The default DN assigned to the BHI certificate is as follows:
CN=Basic Host Identity,O=Computer Associates,C=US
The command to create a new Basic Host Identity certificate has the following format:
cacertutil create -o:certname.p12 -od:certname.der -op:passphrase “-s:CertDN” -i:rootname.p12 -ip:rootpassphrase -d:730
Specifies the output file name for the PKCS#12 packaged certificate.
Specifies the output file name for the DER encoded certificate.
Specifies the pass-phrase to protect the PKCS#12 output certificate.
Specifies the DN to whom the certificate should be issued.
Specifies the file name of the root PKCS#12 certificate.
Specifies the pass-phrase protecting the root PKCS#12 certificate.
Specifies the lifetime of the certificate in days (the example shows 2 years (= 730 days)).
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|