Using a self-signed certificate
About this task
|
A self-signed certificate is also supported for customer testing. |
To create a self-signed certificate:
Steps
-
Create a private key.
ASE CLI is used to generate a 2048-bit private key in the
/opt/pingidentity/ase/config/certs/dataplane/dh1024.pemfile.Example:
/opt/pingidentity/ase/bin/cli.sh create_key_pair -u admin -p Warning: create_key_pair will delete any existing key_pair, CSR and self-signed certificate Do you want to proceed [y/n]:y Ok, creating new key pair. Creating DH parameter may take around 20 minutes. Please wait Key created in keystore dh param file created at /opt/pingidentity/ase/config/certs/dataplane/dh1024.pem
-
Create a CSR file.
Example:
/opt/pingidentity/ase/bin/cli.sh create_csr -u admin -p Warning: create_csr will delete any existing CSR and self-signed certificate Do you want to proceed [y/n]:y please provide following info Country Code >US State >colorado Location >Denver Organization >PI Organization Unit >TEST Common Name >yoursiteabc.com Generating CSR. Please wait... OK, csr created at /opt/pingidentity/ase/config/certs/dataplane/ase.csr
-
Use the CLI to produce a self-signed certificate using the certificate request located in
/pingidentity/ase/config/certs/dataplane/ase.csr.Example:
/opt/pingidentity/ase/bin/cli.sh create_self_sign_cert -u admin -p Warning: create_self_sign_cert will delete any existing self-signed certificate Do you want to proceed [y/n]:y Creating new self-signed certificate OK, self-sign certificate created in keystore
-
Restart ASE.
For more information, see Starting and stopping ASE.