create_ssl_cert
Name
create_ssl_cert — create a self-signed SSL certificate
Synopsis
/opt/msys/ecelerity/bin/create_ssl_cert
{ service
} { hostname
} { prefix
} [ user
]
Description
During installation, self-signed SSL certificates valid for one year are created for some services. Use this command to create a new certificate when the original expires. When a certificate expires, you will see an error such as the following:
ERROR: premature EOF in "svn update '--config-dir' '/opt/msys/ecelerity/etc/.eccfg' » '--username' 'ecuser' '--no-auth-cache' '--non-interactive' '--trust-server-cert' '.'" svn: OPTIONS of 'https://mail2:2027/config/default/boot': Server certificate » verification failed: certificate has expired, issuer is not trusted
To create a new certificate, first stop the appropriate service and remove the old certificate. Then issue the create_ssl_cert command. For example, the following command creates a certificate for the ecconfigd service:
shell> /opt/msys/ecelerity/bin/create_ssl_cert ecconfigd hostname
/var/ecconfigd/apache ecuser
The parameters passed to this command are as follows:
- *`service`*
-
The following services can be specified with this command:
-
ecconfigd
- Momentum Configuration ServerThe ecconfigd service requires SSL and a certificate is created when Momentum is installed. For this reason, you will see the following message during installation:
Generating a 2048 bit RSA private key ... writing new private key to '/var/ecconfigd/apache/server.key'
-
msyspg
- Postgresql ServerDuring installation, you can choose to use SSL for PostgreSQL.
-
- *`hostname`*
-
Specify the hostname of the machine that hosts the service for which you are creating a certificate.
- *`prefix`*
-
For the ecconfigd service, use
/var/ecconfigd/apache
. For the msyspg service, use/opt/msys/3rdParty/share/postgresql
. - *`user`*
-
For the ecconfigd service, use
ecuser
. For the msyspg service, usemsyspg
. If you do not specify a user, the user defaults toecuser
.