Obtain an SSL certificate
Obtain a third-party certificate from a certificate authority (CA) such as VeriSign, Thawte, or GeoTrust. The methods for obtaining a certificate vary. Therefore, refer to the vendor's web site for specific instructions.
You may, for testing purposes or as a permanent solution, use a self-signed certificate. This is not recommended as it makes the implementation slightly more complex and may limit access to IT Analytics to some of your users.
The following outlines the process for creating a self-signed Subject Alternative Name (SAN) certificate, which covers more than one hostname under a single certificate, on a Linux operating system. The steps are similar on Windows. This certificate secures communication for both the portal and data receiver web instances.
cd /tmp
vi san.cnf
Sample san.cnf file - use this file as a template and modify it for your environment. The san.cnf file will be an input parameter during certificate generation. Note the use of an example domain name of example.com; change this to your own environment's domain name.
Under the v3 section, in addition to the portal name, also provision the data receiver under this same certificate.
[ req ]
default_bits = 4096
prompt = no
default_md = sha256
distinguished_name = req_distinguished_name
x509_extensions = v3_req
[ req_distinguished_name ]
C = US
ST = New York
L = New York City
O = Veritas
OU = ITA
emailAddress = aReal.emailaddress@yourdomain.com
CN = itanalyticsportal.example.com
[ v3_req ]
subjectAltName = @alternate_names
[alternate_names]
DNS.1 = itanalyticsportal.example.com
DNS.2 = itanalyticsagent.example.com
Using the san.cnf file created above, the following command produces a private key named server.key and a certificate named server.crt. These names are used throughout the remainder of this chapter. You are free to use different names for the certificate and private key files if desired. This command creates a self-signed certificate valid for 3650 days, or 10 years.
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout server.key -out server.crt -config /tmp/san.cnf Generating a RSA private key ......................................++++ ..........................................................................................................................................................................................................................................................................................................................................++++ writing new private key to 'server.key' ----- tmp]# ll total 276 -rwxrwxrwx 1 root root 513 Dec 11 01:03 san.cnf -rw-r--r-- 1 root root 2187 Dec 11 01:25 server.crt -rw------ 1 root root 3272 Dec 11 01:25 server.key
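The following check is an added example, not part of the original procedure: it confirms that a certificate generated as above really lists both hostnames in its subjectAltName extension and that server.key belongs to server.crt. The function names and the temporary directory are assumptions of this example; the demo builds a constructed san.cnf and uses rsa:2048 with a one-day lifetime only so that it runs quickly.

```shell
# Added example: post-generation checks for the SAN certificate (helper names are hypothetical).

# san_names CERT: print one DNS name per line from the subjectAltName extension.
san_names() {
  openssl x509 -in "$1" -noout -text \
    | grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 \
    | tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# cert_covers_host CERT HOST: succeed only if HOST is listed verbatim in the SAN (no wildcard matching).
cert_covers_host() {
  san_names "$1" | grep -Fxq "$2"
}

# key_matches_cert KEY CERT: succeed only if both files carry the same public key.
key_matches_cert() {
  _pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  [ -n "$_pub" ] && [ "$_pub" = "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}

# make_sample_cert DIR: write a constructed san.cnf, server.key and server.crt into DIR.
# rsa:2048 and -days 1 keep the demo fast; the page's command uses rsa:4096 and -days 3650.
make_sample_cert() {
  cat > "$1/san.cnf" <<'EOF'
[ req ]
prompt = no
default_md = sha256
distinguished_name = req_distinguished_name
x509_extensions = v3_req
[ req_distinguished_name ]
CN = itanalyticsportal.example.com
[ v3_req ]
subjectAltName = @alternate_names
[ alternate_names ]
DNS.1 = itanalyticsportal.example.com
DNS.2 = itanalyticsagent.example.com
EOF
  openssl req -x509 -newkey rsa:2048 -sha256 -days 1 -nodes \
    -keyout "$1/server.key" -out "$1/server.crt" -config "$1/san.cnf" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir"
for h in itanalyticsportal.example.com itanalyticsagent.example.com; do
  cert_covers_host "$demo_dir/server.crt" "$h" && echo "SAN covers $h"
done
key_matches_cert "$demo_dir/server.key" "$demo_dir/server.crt" && echo "key matches certificate"
rm -rf "$demo_dir"
```

To check the real files, call cert_covers_host and key_matches_cert with the paths to server.crt and server.key. If the x509_extensions line or the v3_req section is missing from san.cnf, the certificate is still generated but cert_covers_host fails for every hostname.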