Select the Certificate Authority (CA) used for signing

RSE API provides a script, invoked by either the HUCRYPT JCL or the huhcrypto.sh script, that creates and populates the KeyStore with a signed server certificate and the public certificate of the Certificate Authority (CA) that signed the server certificate. This script supports the following scenarios, which differ in the way that the server certificate is signed:

• No existing setup is required.

  The script executes the following tasks:

  1. Create a server KeyStore file and a Certificate Signing Request (CSR).
  2. Create a Certificate Authority (CA) certificate, store it in a separate KeyStore file, and use it to sign the CSR.
  3. Import the signed CSR in the server KeyStore file, together with the public CA certificate.
• Use an existing CA certificate for signing a CSR.
  The script executes the following tasks:

  1. Create a server KeyStore file and a Certificate Signing Request (CSR).
  2. Use a Certificate Authority (CA) certificate that is provided by the customer, store it in a KeyStore file, and use it to sign the CSR.
  3. Import the signed CSR in the server KeyStore file, together with the public CA certificate.
• Use another local or external tool to sign a CSR.
  The script executes the following tasks:

  1. Create a server KeyStore file and a Certificate Signing Request (CSR).
  2. Enable the customer to sign this CSR with another tool, for example, a trusted third-party Certificate Authority (CA).
  3. Import the signed CSR in the server KeyStore file, together with the public CA certificate.