Creating a Private Key and a Custom X509 Certificate - Adaptive Applications - BlueCat Gateway - 21.1

BlueCat Distributed DDNS Administration Guide

Once you have generated the private key and X509 certificates, you can create a custom X509 certificate that is digitally signed by a CA created by the user. You can generate a custom X509 certificate from the host machine that has a Distributed DDNS component installed and was used to create the CA private key and certificate.
  1. Log in to the host machine that was used to create the CA private key and certificate.
  2. Generate a private key and create a certificate request using the following command:
    openssl req -newkey rsa:2048 -days 365000 -nodes -keyout <private_key>.pem -out <x509_certificate_request>.pem
  3. Process the key to remove the passphrase using the following command:
    openssl rsa -in <private_key>.pem -out <private_key>.pem
  4. Generate a custom X509 certificate from the certificate request using the following command:
    openssl x509 -req -in <x509_certificate_request>.pem -days 365000 -CA ca_cert.pem -CAkey ca_key.pem -CAcreateserial -out <x509_certificate_request>.pem

    Because -out names the same file as -in, the certificate request is overwritten: the resulting <x509_certificate_request>.pem file is the custom X509 certificate.

  5. Optionally, once the CA X509 certificate and a custom X509 certificate have been created, verify that it was correctly generated using the following command:
    openssl verify -CAfile ca_cert.pem <x509_certificate_request>.pem

    If the certificate was correctly generated, the console displays OK indicating that it was successfully verified.

Repeat the process to create custom X509 certificates and private keys for each Distributed DDNS component. The following are example certificates created for each component:
  • Distributed DDNS Data Nodes: mariadb_server_cert.pem, mariadb_server_key.pem
  • Distributed DDNS Application Node: workflow_cert.pem, workflow_key.pem
  • Distributed DDNS Service Nodes: api_server_cert.pem, api_server_key.pem
Note: The certificate file names and private key file names must match the example certificate names for Distributed DDNS to operate correctly.
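
The procedure above run for all three components, as an added example that is not part of the BlueCat guide: it issues each key and certificate under the required file names, verifies each certificate against the CA, and confirms that the certificate carries the public half of its private key. The throwaway CA, the temporary directory, the `-subj` values, the separate `_req.pem` file and the function names are assumptions made so the script runs unattended.

```shell
#!/bin/sh
# Added example, not from the guide: issue and check the three key/cert pairs.
umask 077      # keys are written without a passphrase, so keep them owner-only
DAYS=365000    # validity period used by the guide's commands

# Constructed throwaway CA for the demo only; on a real host ca_cert.pem and
# ca_key.pem already exist from the CA-creation procedure.
make_demo_ca() {   # $1 = working directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Constructed Demo CA" \
        -keyout "$1/ca_key.pem" -out "$1/ca_cert.pem" 2>/dev/null
}

# Steps 2-5 of the procedure for one component.
issue_component_cert() {   # $1 = working directory, $2 = file-name prefix
    key="$1/${2}_key.pem"; csr="$1/${2}_req.pem"; cert="$1/${2}_cert.pem"
    # Step 2: key and request; the -subj value is an assumption (no prompts).
    openssl req -newkey rsa:2048 -days "$DAYS" -nodes -subj "/CN=${2}.example.test" \
        -keyout "$key" -out "$csr" 2>/dev/null || return 1
    openssl rsa -in "$key" -out "$key" 2>/dev/null || return 1        # step 3
    # Step 4: the request is kept in its own file here, then deleted.
    openssl x509 -req -in "$csr" -days "$DAYS" -CA "$1/ca_cert.pem" \
        -CAkey "$1/ca_key.pem" -CAcreateserial -out "$cert" 2>/dev/null || return 1
    rm -f "$csr"
    openssl verify -CAfile "$1/ca_cert.pem" "$cert" >/dev/null 2>&1 || return 2  # step 5
    # Extra check: the certificate must contain this key's public half.
    [ "$(openssl x509 -in "$cert" -noout -pubkey)" = \
      "$(openssl pkey -in "$key" -pubout)" ] || return 3
}

issue_all() {   # $1 = working directory
    for name in mariadb_server workflow api_server; do
        issue_component_cert "$1" "$name" || { echo "FAILED: $name" >&2; return 1; }
        echo "OK: ${name}_cert.pem / ${name}_key.pem"
    done
}

# Demo run in a scratch directory.
DEMO_DIR=$(mktemp -d)
make_demo_ca "$DEMO_DIR" && issue_all "$DEMO_DIR"
```

On a real host, skip `make_demo_ca` and pass the directory that already holds `ca_cert.pem` and `ca_key.pem` to `issue_all`.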