Creating a certificate authority

If you need your own certificate authority, you can create one by using CDC Replication commands.

This procedure uses keytool, which is located under installation_directory/jre64/jre/bin.

The basis of a certificate authority is a public/private key pair with a self-signed certificate. You can use the keytool -genkeypair command to generate these pairs. The -dname parameter specifies the X.500 Distinguished Name of the certificate authority, and the two -ext parameters mark the certificate as a CA certificate whose key may sign certificates and CRLs. For example:

keytool -genkeypair -noprompt -alias self -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -dname "O=example.com" -validity 365 -keypass password -keystore privatekey.jks -storepass password -storetype JKS -ext BasicConstraints:critical=ca:true -ext KeyUsage:critical=keyCertSign,cRLSign

You can also use third-party tools such as openssl to create a certificate authority.
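
An openssl counterpart of the keytool command above, as an added example that is not part of the original documentation or of CDC Replication: it requests the same key size, signature algorithm, validity, distinguished name, and extensions, then checks that the resulting certificate carries them. The function names, the file names, and the CA_KEY_PASS environment variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: openssl counterpart of the keytool -genkeypair command above.
# make_ca DIR writes DIR/ca.key (encrypted private key) and DIR/ca.crt.
# The passphrase is read from the exported CA_KEY_PASS variable (an
# assumption of this example) so it never appears in the argument list.
make_ca() {
    dir=$1
    # Private config: do not inherit extensions from the system openssl.cnf.
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ca_ext
prompt = no
[dn]
O = example.com
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
    # umask 077 in a subshell: the key file is readable by its owner only.
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -sha256 -days 365 \
          -config "$dir/ca.cnf" -passout env:CA_KEY_PASS \
          -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null )
}

# check_ca CERT succeeds only if CERT is self-signed and carries the two
# critical extensions requested above.
check_ca() {
    txt=$(openssl x509 -in "$1" -noout -text | tr '\n' ' ' | tr -s ' ') || return 1
    case $txt in
        *"Basic Constraints: critical CA:TRUE"*) ;;
        *) return 1 ;;
    esac
    case $txt in
        *"Key Usage: critical Certificate Sign, CRL Sign"*) ;;
        *) return 1 ;;
    esac
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}
```

Export CA_KEY_PASS, run make_ca on an existing directory, then run check_ca on the resulting ca.crt; a nonzero status means the certificate lacks the CA extensions or does not verify against its own key.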