Create the CA Certificate

To create the CA certificate

  1. Create a configuration file that is used as input to the openssl utility. A sample file, named cassl.conf, was installed in the ssl subdirectory of the CA XCOM Data Transport installation directory for UNIX and Windows platforms. For z/OS, cassl.conf was downloaded as part of a .TAR formatted file, and then copied to a user-specified path on the site's HFS file system. Extract the SSL files from this .TAR file before you edit cassl.conf. Change to the ssl subdirectory and edit the [root_ca_distinguished_name] section, changing the values as appropriate for your system.

    Note: For UNIX, you must have 'root' authority to perform this task.

  2. Issue the following command to run the makeca script:
    ./makeca
    

    This shell script uses the cassl.conf file to generate a certificate and key file. The certificate, cassl.pem, is saved in the 'certs' subdirectory. The key file, generated as casslkey.pem, is saved in the 'private' subdirectory.

    Note: The first time you run the makeca script, the pseudo-random number generator (PRNG) file does not exist, and the script issues a warning to this effect. The makeca utility generates the PRNG file the first time it is run and does not issue this warning on subsequent executions. This is only a warning; you can continue with the next step.

  3. To list the certificate just created, issue the following command to use the listca script:
    ./listca
    

    This shell script displays the CA certificate and the information stored in the package.
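
A sanity check you can run on the files makeca produces, as an added example that is not part of the product's scripts. It assumes the openssl command is on the PATH and uses the file locations named above (certs/cassl.pem and private/casslkey.pem); the function name check_ca is hypothetical.

```shell
#!/bin/sh
# Added example: verify the CA certificate and key written by makeca.
# Usage: check_ca /path/to/ssl   (defaults to the current directory)

check_ca() {
    ssl_dir=${1:-.}
    cert="$ssl_dir/certs/cassl.pem"
    key="$ssl_dir/private/casslkey.pem"
    rc=0

    [ -r "$cert" ] || { echo "FAIL: cannot read $cert"; return 2; }
    [ -r "$key" ]  || { echo "FAIL: cannot read $key"; return 2; }

    # 1. The CA private key must not be accessible to group or other.
    #    Characters 5-10 of the ls mode string are the group/other bits.
    mode=$(ls -ld "$key" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "FAIL: $key is accessible to group/other (try chmod 600)"
        rc=1
    fi

    # 2. A root CA certificate is self-signed: subject equals issuer.
    subj=$(openssl x509 -in "$cert" -noout -subject | sed 's/^subject= *//')
    issr=$(openssl x509 -in "$cert" -noout -issuer | sed 's/^issuer= *//')
    if [ "$subj" != "$issr" ]; then
        echo "FAIL: subject and issuer differ"; rc=1
    fi

    # 3. The certificate must not have expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "FAIL: certificate has expired"; rc=1
    fi

    # 4. casslkey.pem must be the key for cassl.pem. If the key is
    #    passphrase-protected, openssl prompts for the passphrase here.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: private key does not match certificate"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $subj"
    return "$rc"
}
```

The function returns 0 when all four checks pass, 1 when any check fails, and 2 when either file is missing.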