Signing a certificate
If you created your certificate authority with CDC Replication commands, you can also sign certificates with CDC Replication commands.
This procedure uses keytool, which is located under installation_directory/jre32/jre/bin.
The certificate authority signs a certificate when it receives a certificate signing request from a CDC Replication system. The request is often a file named after the hostname of the CDC Replication system, with a .csr extension. You can use the keytool -gencert command to sign a certificate. For example:
keytool -gencert -noprompt -infile hostname.csr -outfile hostname.crt -alias self -sigalg SHA256withRSA -validity 365 -keypass password -keystore privatekey.jks -storepass password -rfc
The CDC Replication system needs the entire certificate chain, which includes the signed certificate and the certificate authority's certificate. You can use the keytool -exportcert command to export the certificate authority's certificate. For example:
keytool -exportcert -noprompt -rfc -alias self -file ca.crt -keystore privatekey.jks -storepass password -storetype JKS
Send the signed certificate (for example, hostname.crt) and the self-signed certificate authority certificate (for example, ca.crt) back to the CDC Replication system.
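The procedure above as one shell function, with a check added before signing: the CSR's subject CN must equal the hostname taken from the file name. This is an added example, not part of the CDC Replication documentation. It assumes an OpenJDK-style keytool (a "Subject:" line from -printcertreq and the :env password modifier), a hypothetical KS_PASS environment variable, and a policy that the CN matches the hostname.

```shell
#!/bin/sh
# Added example: review a CSR, sign it, and export the CA certificate.
# Assumptions (not from the page): keytool prints a "Subject:" line for
# -printcertreq and accepts the :env password modifier, as OpenJDK keytool
# does; KS_PASS is a hypothetical variable holding the keystore password.

# csr_cn FILE: print the CN from the CSR subject, or nothing if none is found.
csr_cn() {
    keytool -printcertreq -file "$1" |
        sed -n 's/^Subject:.*CN=\([^,]*\).*/\1/p' | head -n 1
}

# sign_csr HOST: sign HOST.csr into HOST.crt only if the CSR's CN equals HOST.
# Returns 2 (no CSR), 3 (CN mismatch), 4 (signing failed), 5 (export failed).
sign_csr() {
    host=$1
    [ -r "$host.csr" ] || { echo "missing $host.csr" >&2; return 2; }
    cn=$(csr_cn "$host.csr")
    if [ "$cn" != "$host" ]; then
        echo "refusing to sign: CSR CN '$cn' does not match '$host'" >&2
        return 3
    fi
    # Same options as the page's -gencert command, passwords read from KS_PASS.
    keytool -gencert -noprompt -infile "$host.csr" -outfile "$host.crt" \
        -alias self -sigalg SHA256withRSA -validity 365 \
        -keypass:env KS_PASS -keystore privatekey.jks \
        -storepass:env KS_PASS -rfc || return 4
    # Export the CA certificate that completes the chain.
    keytool -exportcert -noprompt -rfc -alias self -file ca.crt \
        -keystore privatekey.jks -storepass:env KS_PASS -storetype JKS || return 5
    # Print the issued certificate so issuer, validity and algorithm can be read.
    keytool -printcert -file "$host.crt"
}
```

Reading the passwords from the environment keeps them out of the process listing, where command-line arguments such as -storepass password are visible to other local users.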