Creating a certificate authority

If you need your own certificate authority, you can create one by using CDC Replication commands.

This procedure uses keytool, which is located under installation_directory/jre64/jre/bin.

The basis of a certificate authority is a public/private key pair with a self-signed certificate. You can use the keytool -genkeypair command to generate these pairs. The -dname parameter specifies the X.500 Distinguished Name of the certificate authority. For example:

keytool -genkeypair -noprompt -alias self -keyalg EC -groupname secp256r1 -sigalg SHA256withECDSA -dname "O=example.com" -validity 365 -keystore privatekey.p12 -storepass password -storetype PKCS12 -ext BasicConstraints:critical=ca:true -ext KeyUsage:critical=keyCertSign,cRLSign

You can also use third-party tools such as openssl to create a certificate authority.
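The openssl route mentioned above, as an added example that is not part of the original documentation: it builds a certificate authority with the same parameters as the keytool command and then checks the resulting certificate. The function names, the file names ca.key, ca.crt and ca.cnf, and the CA_STORE_PASS variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: OpenSSL counterpart of the keytool -genkeypair command above.
# make_ca, check_ca, ca.key, ca.crt, ca.cnf and CA_STORE_PASS are assumed names.
# Usage: export CA_STORE_PASS, then: make_ca DIR && check_ca DIR/ca.crt

# make_ca DIR: writes ca.key, ca.crt and privatekey.p12 (alias "self") into DIR.
# The keystore password is read from $CA_STORE_PASS, not from the command line,
# so it does not show up in the process list.
make_ca() {
    dir=$1
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
O = example.com
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
    # secp256r1 is called prime256v1 in OpenSSL; umask keeps the key private.
    ( umask 077 && openssl ecparam -name prime256v1 -genkey -noout \
        -out "$dir/ca.key" ) || return 1
    # Self-signed certificate: SHA256withECDSA, valid for 365 days.
    openssl req -new -x509 -sha256 -days 365 -config "$dir/ca.cnf" \
        -key "$dir/ca.key" -out "$dir/ca.crt" || return 1
    # Bundle key and certificate as PKCS12, as -storetype PKCS12 does.
    ( umask 077 && openssl pkcs12 -export -name self -inkey "$dir/ca.key" \
        -in "$dir/ca.crt" -out "$dir/privatekey.p12" \
        -passout env:CA_STORE_PASS )
}

# check_ca CERT: succeeds only if CERT is a CA certificate with the same
# critical extensions and signature algorithm as the keytool example.
check_ca() {
    text=$(openssl x509 -in "$1" -noout -text) || return 1
    printf '%s\n' "$text" | grep -A1 'Basic Constraints: critical' \
        | grep -q 'CA:TRUE' || return 1
    printf '%s\n' "$text" | grep -A1 'Key Usage: critical' \
        | grep -q 'Certificate Sign, CRL Sign' || return 1
    printf '%s\n' "$text" | grep -q 'Signature Algorithm: ecdsa-with-SHA256'
}
```

check_ca works on any PEM certificate, so it can also be run against a certificate exported from the keytool-generated keystore.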