...
- Generate a certificate signing request and private key. Preferably run this on FlexDeploy server. We have to secure private key file, so that it is only accessible by FlexDeploy application process.
openssl req -newkey -nodes -keyout clientKey.key -out clientCSR.csr
- Present the certificate signing request (.csr file) to your certificate authority (CA). The certificate authority will sign and return a certificate (.crt/.cer file).
- The certificate will likely be a .crt, .cer, or .pem file, which are all PEM format. If it's in another format, it will need to be converted to one of these formats. For example, a .p7b file is also a common format to receive certificates. Here's a command for converting from PKCS#7.
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.crt
- Create a .pem file from the certificate and private key.
cat clientCertificate.crt clientKey.key > clientPem.pem
...