--- title: Creating a self-signed certificate description: To create a self-signed certificate: component: pingintelligence version: 5.2 page_id: pingintelligence:pingintelligence_reference_guide:pingintelligence_creaeting_self_signed_certificate canonical_url: https://docs.pingidentity.com/pingintelligence/5.2/pingintelligence_reference_guide/pingintelligence_creaeting_self_signed_certificate.html revdate: May 6, 2024 section_ids: about-this-task: About this task steps: Steps example: Example: example-2: Example: result: Result: example-3: Example: --- # Creating a self-signed certificate ## About this task ![Flowchart summarizing the steps for a creating self-signed certificate](../_images/rbu1608192067249.png) To create a self-signed certificate: ## Steps 1. Create a cluster key pair by running the following command-line interface (CLI) command: ``` create_cluster_key_pair [--yes | -y] create private key for cluster server --yes | -y : create private key without confirmation prompt ``` | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------- | | | The Private key in the pair is automatically created and updated in the keystore in `/pingidentity/ase/config/certs/` directory. | ### Example: The following command creates `dh1024.pem` in the `/opt/pingidentity/ase/config/certs/cluster/` directory: ```shell $ pingidentity/ase/bin/cli.sh -u admin -p admin create_cluster_key_pair Warning: create_cluster_key_pair will delete any existing cluster key_pair, CSR and self-signed certificate Do you want to proceed [y/n]:y Ok, creating new cluster key pair. Creating DH parameter may take around 20 minutes. Please wait Cluster key created at keystore Cluster dh param file created at /opt/pingidentity/ase/config/certs/cluster/dh1024.pem ``` 2. Generate a certificate signing request (CSR) from the private key running the following CLI command: ``` create_cluster_csr [--yes | -y] create certificate signing request for cluster server --yes | -y : create certificate signing request without confirmation prompt ``` ### Example: The following command creates a `.csr` file in the `/opt/pingidentity/ase/config/certs/cluster/`directory: ```shell $ pingidentity/ase/bin/cli.sh -u admin -p admin create_cluster_csr Warning: create_cluster_csr will delete any existing cluster CSR and self signed certificate Do you want to proceed [y/n]:y please provide following info Country Code >OP State >GP Location >IP Organization >KP Organization Unit >Kpase Common Name >www.123.com Generating CSR. Please wait... OK, cluster csr created at /opt/pingidentity/ase/config/certs/cluster/cluster.csr ``` ### Result: This `.csr` file is saved in the `/pingidentity/ase/config/certs/cluster/` directory. 3. Generate a self-signed certificate by running the following command: ``` create_cluster_self_sign_cert [--yes | -y] --yes | -y : create self signed certificate without confirmation prompt ``` ### Example: The following command creates a self-signed certificate in the key store: ```shell $ pingidentity/ase/bin/cli.sh -u admin -p admin create_cluster_self_sign_cert Warning: create_cluster_self_sign_cert will delete any existing cluster self signed certificate Do you want to proceed [y/n]:y Creating new cluster self signed certificate OK, self sign certificate created in key store ``` | | | | - | ------------------------------------------------------------------------------------------------------------------------------ | | | The certificate is automatically created in the key store in the `/pingidentity/ase/config/certs/` directory. | 4. Restart the ASE cluster for synchronizing the key and certificate. | | | | - | --------------------------------------------------------------------------------------------------------------------------- | | | For more information, follow the instructions in [Restarting an ASE cluster](pingintelligence_restarting_ase_cluster.html). |