Create the Server Private Key and Certificate

Create the server’s private key file and certificate request, and sign the server certificate using the CA private key file. For more information on the commands below, see the OpenSSL documentation.

  1. Use the openssl genrsa command to create the server’s private key file.

    $ openssl genrsa -out new_server.key 1024

    Vertica supports unencrypted key files only.

  2. Use the openssl req command to create the server certificate request.

    $ openssl req -config openssl_req_server.conf -new -key new_server.key \
        -out new_server_reqout.txt

    At the command-line prompts, enter values such as the following samples. The actual values you enter will differ from the sample values.

    Country Name (2 letter code) [GB]:US
    State or Province Name (full name) [Berkshire]:Massachusetts
    Locality Name (e.g., city) [Newbury]:Cambridge
    Organization Name (e.g., company) [My Company Ltd]:CorpName
    Organizational Unit Name (e.g., section) []:TechSupport
    Common Name (e.g., your name or server hostname) []:myhost
    Email Address []:myhost@CorpName.com

    Alternatively, you can supply the same information in a .conf file, such as openssl_req_server.conf in the preceding command.
    
  3. Use the openssl x509 command to sign the server’s certificate using the CA private key file and public certificate.

    $ openssl x509 -req -in new_server_reqout.txt -days 3650 -sha1 -CAcreateserial \
        -CA new_serverca.crt -CAkey new_servercakey.pem -out new_server.crt

You have now created the server private key file, new_server.key, and signed the server certificate request using the CA private key (new_servercakey.pem) and CA public certificate (new_serverca.crt). The result is a new server certificate, new_server.crt.
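
The three steps above as a non-interactive script followed by a verification pass, added here as an example and not part of the Vertica documentation. It assumes a throwaway CA built inline, passes the page's sample subject values with -subj, and uses 2048-bit RSA with -sha256 where the page shows 1024 and -sha1; the key-size and digest minimums in check_server_cert are this example's assumptions.

```bash
#!/usr/bin/env bash
# Added example (not Vertica's own script). Assumptions: a throwaway CA is
# built here, and 2048-bit RSA with -sha256 replaces the page's 1024 / -sha1.
SUBJ="/C=US/ST=Massachusetts/L=Cambridge/O=CorpName/OU=TechSupport/CN=myhost"

# Steps 1-3 without prompts; the page's sample values are passed via -subj.
make_server_cert() (          # $1 = output directory
    cd "$1" || exit 1
    # Constructed stand-in for the CA key and certificate created earlier.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/C=US/O=CorpName/CN=Example Test CA" \
        -keyout new_servercakey.pem -out new_serverca.crt 2>/dev/null || exit 1
    # Unencrypted key, so keep it readable by the owner only.
    (umask 077; openssl genrsa -out new_server.key 2048 2>/dev/null) || exit 1
    openssl req -new -key new_server.key -subj "$SUBJ" \
        -out new_server_reqout.txt || exit 1
    openssl x509 -req -in new_server_reqout.txt -days 3650 -sha256 \
        -CAcreateserial -CA new_serverca.crt -CAkey new_servercakey.pem \
        -out new_server.crt 2>/dev/null
)

cert_key_bits() {             # $1 = certificate file; prints e.g. 2048
    openssl x509 -in "$1" -noout -text | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}
cert_sig_alg() {              # $1 = certificate file; prints the signature algorithm
    openssl x509 -in "$1" -noout -text | sed -n 's/^ *Signature Algorithm: //p' | head -n 1
}

# Returns 0 only if the files are consistent and meet this example's minimums.
check_server_cert() (         # $1 = directory holding the files
    cd "$1" || exit 1
    if grep -q ENCRYPTED new_server.key; then
        echo "FAIL: key file is encrypted"; exit 1; fi
    openssl verify -CAfile new_serverca.crt new_server.crt >/dev/null 2>&1 \
        || { echo "FAIL: certificate does not chain to the CA"; exit 1; }
    [ "$(openssl pkey -in new_server.key -pubout 2>/dev/null)" = \
      "$(openssl x509 -in new_server.crt -noout -pubkey)" ] \
        || { echo "FAIL: key does not match certificate"; exit 1; }
    [ "$(cert_key_bits new_server.crt)" -ge 2048 ] \
        || { echo "FAIL: RSA key shorter than 2048 bits"; exit 1; }
    case "$(cert_sig_alg new_server.crt)" in
        sha1*|md5*) echo "FAIL: weak signature digest"; exit 1 ;;
    esac
    echo "OK: $(cert_key_bits new_server.crt)-bit key, $(cert_sig_alg new_server.crt)"
)

workdir=$(mktemp -d)
make_server_cert "$workdir" && check_server_cert "$workdir"
```

To check files produced by the commands on this page instead, call check_server_cert with the directory that holds new_server.key, new_server.crt and new_serverca.crt.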