Previous Topic: Designate a Secure ServerNext Topic: Generate the Key Store and Revocation List

Platform Deployment GuideAdvanced Encryption ModeHow Do I Deploy CA DataMinder In Advanced Encryption Mode?Generate the Root Certificate

Generate the Root Certificate

To generate the root certificate, run the batch file supplied with the CA DataMinder distribution media.

To generate the root certificate

  1. From a command prompt on your designated secure server, change to the \AdvancedEncryption folder.
  2. From a command prompt, run GenerateRootCert.bat.
  3. When prompted, enter and confirm a strong passphrase to secure the root key pair.

    You will need to supply this passphrase later, when you self-sign the root certificate, and when you sign the enterprise-wide certificate.

    Important! This passphrase will not be stored anywhere. If you forget or lose it, you will need to regenerate all certificates and key stores!

  4. GenerateRootCert.bat generates the root certificate and a key pair (root.crt and root.key respectively).

    These files are saved in the \AdvancedEncryption\Persist subfolder on your secure server. They will be used to generate the enterprise-wide certificate, the Key Store file, and the Revocation List file.

    Important! You must retain the contents of the \Persist subfolder for the lifetime of the CA DataMinder deployment. These contents are needed each time you update the enterprise wide certificate.

More information:

Folders Used By Certificate Scripts