Generate Internal System Certificates (OpsDrv, OpsKey, UIKey) on the HSM

Three system certificates are installed with Sterling B2B Integrator to secure internal operations. Moving them to the HSM provides little security benefit, but your security policy can require that all certificates that contain private keys be stored on the HSM.

About this task

When generating the Sterling B2B Integrator internal system certificates called OpsDrv, OpsKey, and UIKey on the HSM, use the exact names. Otherwise, Sterling B2B Integrator will not function properly.

To generate internal system certificates:

Procedure

  1. Navigate to /install_dir/install/bin.
  2. Enter ./RemoveSystemCert.sh -l to view certificates in the database. Note the object ID for each system certificate.
  3. Delete the system certificates from the database by running the following command for each certificate:
    ./RemoveSystemCert.sh -r xxxx
    where xxxx is the object ID of the certificate you want to remove.
  4. Generate the system certificates on the HSM. For each certificate, enter:

    ./CreateSystemCert.sh storetype provider autogen totrusttable signingbit keytype keysize keyname rfc1779rdnsequence serial validityindays [system passphrase] [store passphrase] [key passphrase]
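
Because a wrong keyname leaves Sterling B2B Integrator non-functional, it helps to check the planned argument lists before running step 4. The script below is an added example, not part of the product or the original procedure: the function names are hypothetical, every value other than keyname is a placeholder token copied from the synopsis, and it assumes no argument contains whitespace.

```shell
#!/bin/sh
# Added example: pre-flight check for planned CreateSystemCert.sh invocations.
# Argument positions follow the synopsis in step 4; keyname is the 8th argument.
REQUIRED_NAMES="OpsDrv OpsKey UIKey"

# Validate one argument list: 11 required values plus up to 3 passphrases,
# and a keyname that matches one of the three system names exactly.
check_syscert_args() {
    if [ "$#" -lt 11 ] || [ "$#" -gt 14 ]; then
        echo "expected 11 to 14 arguments, got $#" >&2
        return 1
    fi
    case "$8" in
        OpsDrv|OpsKey|UIKey) return 0 ;;
    esac
    echo "keyname '$8' is not exactly OpsDrv, OpsKey or UIKey" >&2
    return 1
}

# Read one planned argument list per line on stdin (assumes no value contains
# whitespace) and confirm each system name is generated exactly once.
check_syscert_plan() {
    seen="" rc=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        set -f; set -- $line; set +f      # split on whitespace, no globbing
        if ! check_syscert_args "$@"; then rc=1; continue; fi
        case " $seen " in
            *" $8 "*) echo "duplicate keyname $8" >&2; rc=1 ;;
            *) seen="$seen $8" ;;
        esac
    done
    for name in $REQUIRED_NAMES; do
        case " $seen " in
            *" $name "*) ;;
            *) echo "no invocation planned for $name" >&2; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed plan: every value except keyname is a placeholder token.
check_syscert_plan <<'EOF' && echo "plan OK"
storetype provider autogen totrusttable signingbit keytype keysize OpsDrv rdn serial days
storetype provider autogen totrusttable signingbit keytype keysize OpsKey rdn serial days
storetype provider autogen totrusttable signingbit keytype keysize UIKey rdn serial days
EOF
```

The name match is case-sensitive, so a keyname such as opsdrv is rejected before anything is deleted from the database or created on the HSM.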