...
The Universal Agent suite includes an X.509 certificate utility, Universal Certificate, to create certificates for use in the Universal Agent suite.
...
Step 1 | Create a Self-Signed CA Request:
ucert -create request -request_file ca_req.pem -private_key_file ca_pkey.pem -country US -state GA -locality Alpharetta -organization Stonebranch -common_name Stonebranch |
|---|
Step 2 | Create a CA Certificate:
ucert -create cert -request_file ca_req.pem -private_key_file ca_pkey.pem -cert_file ca_cert.pem -ca yes -not_after_date +3650 |
|---|
Step 3 | Create a Server Certificate Request:
ucert -create request -request_file ubr1_req.pem -private_key_file ubr1_pkey.pem -country US -state GA -locality Alpharetta -organization Stonebranch -common_name "l64agent" |
|---|
Step 4 | Create a Server Certificate:
ucert -create cert -ca_cert_file ca_cert.pem -request_file ubr1_req.pem -private_key_file ca_pkey.pem -cert_file ubr1_cert.pem -not_after_date +3650 |
|---|
Step 5 | The following files are generated in Steps 1 - 4: - CA PKEY =
ca_pkey.pem - CA CERT =
ca_cert.pem - Server PKEY =
ubr1_pkey.pem - Server CERT =
ubr1_cert.pem
|
|---|
Step 6 | Add Server CERT and PKEY to the target ubroker.conf: certificate /home/test/ubr1_cert.pemprivate_key /home/test/ubr1_pkey.pem
|
|---|
Step 7 | Copy ca_cert.pem to the source server. |
|---|
Step 8 | Run the following command from the source server to test:
/opt/universal/bin/ucmd -host l64agent -userid test -pwd xxx -cmd "pwd" -level info -verify_host_name yes -ca_certs /home/test/ca_cert.pem |
|---|
Step 9 | Use Universal Certificate to print the certificate and verify the certificate serial number:
ucert -print cert -cert_file ubr1_cert.pem
See #Certificate, below. |
|---|
Step 10 | Run following command from the source server to test:
/opt/universal/bin/ucmd -host l64agent -userid test -pwd xxx -cmd "pwd" -level info -verify_host_name yes -ca_certs /home/test/ca_cert.pem -verify_serial_number 0x28c91a7fb2f26649 |
|---|
...
