Skip to main content
OnCommand Workflow Automation 5.1

Create a certificate signing request for Workflow Automation

Contributors netapp-aoife
PDFs

You can create a certificate signing request (CSR) in Linux so that you can use the SSL certificate that is signed by a Certificate Authority (CA) instead of the default SSL certificate for Workflow Automation (WFA).

  • You must have root privileges for the Linux system on which you have installed WFA.

  • You must have replaced the default SSL certificate that is provided by WFA.

The default WFA installation path is used in this procedure. If you have changed the default path during installation, then you must use the custom WFA installation path.

Steps

  1. Log in as a root user on the WFA host machine.

  2. Open a shell prompt on the WFA server, and then change directories to the following location: <OpenJDK_install_location>/bin

  3. Create a CSR file:

    keytool -certreq -keystore WFA_install_location/wfa/jboss/standalone/configuration/keystore/wfa.keystore -alias "ssl keystore" -file /root/file_name.csr

    file_name is the name of the CSR file.

  4. When prompted, provide the password (default or new).

    The default password is a randomly generated encrypted password.

    To obtain and decrypt the default password, follow the steps in the Knowledge Base article How to renew the self-signed certificate on WFA 5.1.1.0.4

    To use a new password, follow the steps in the Knowledge Base article How to update a new password for the keystore in WFA.

  5. Send the file_name.csr file to the CA to obtain a signed certificate.

    See the CA web site for details.

  6. Download a chain certificate from the CA, and then import the chain certificate to your keystore:

    keytool -import -alias "ssl keystore CA certificate" -keystore WFA_install_location/wfa/jboss/standalone/configuration/keystore/wfa.keystore" -trustcacerts -file chain_cert.cer

    chain_cert.cer is the chain certificate file that is received from the CA. The file must be in the X.509 format.

  7. Import the signed certificate that you received from the CA:

    keytool -import -alias "ssl keystore" -keystore WFA_install_location/wfa/jboss/standalone/configuration/keystore/wfa.keystore" -trustcacerts -file certificate.cer

    certificate.cer is the chain certificate file that is received from the CA.

  8. Start the WFA services:

    ./wfa --start=DB

    ./wfa --start=WFA