How To: Create a DMC Certificate with specific Common Name

Owned by Former user (Deleted)
Last updated: Feb 02, 2021 by Mike Olivas

The documented DMC commands generate a certificate that contains a * as the Common Name. If you wish to override the Common Name follow these steps:

  1. Add --debug to the command to expose the full keytool string: datical-control https generate-signing-request --output /tmp/certificate.csr --debug 

    1. Output:

      [centos@dmcserver datical-service]$ datical-control https generate-signing-request --output /tmp/certificate.csr --debug                           Executing shell: /opt/datical/jre/bin/keytool -certreq -alias datical -keystore /opt/datical/data/datical-service/keystore.p12 -storepass datical -file /tmp/certificate.csr Environment: null CSR saved to /tmp/certificate.csr

  2.  

    1. (If you want to use a *.example.com certificate)Re-run the Executing shell command that is returned from the above command and insert the Common Name you would like to be used by the certificate in an option called -dname: /opt/datical/jre/bin/keytool -certreq -alias datical -dname "o=example, o=com" -v -keystore /opt/datical/data/datical-service/keystore.p12 -storepass datical -file /tmp/certificate.csr

      1. Output:

        [centos@dmcserver datical-service]$ /opt/datical/jre/bin/keytool -certreq -alias datical -dname "o=liquibase, o=com" -v -keystore /opt/datical/data/datical-service/keystore.p12 -storepass datical -file /tmp/certificate.csr Certification request stored in file </tmp/certificate.csr> Submit this to your CA

    2. (If you want to use a hostname.example.com certificate)Re-run the Executing shell command that is returned from the above command and insert the Common Name you would like to be used by the certificate in an option called -dname: /opt/datical/jre/bin/keytool -certreq -alias datical -dname "CN=hostname,o=example, o=com" -v -keystore /opt/datical/data/datical-service/keystore.p12 -storepass datical -file /tmp/certificate.csr

      1. Output:

        [centos@dmcserver datical-service]$ /opt/datical/jre/bin/keytool -certreq -alias datical -dname "cn=dmcserver,o=liquibase, o=com" -v -keystore /opt/datical/data/datical-service/keystore.p12 -storepass datical -file /tmp/certificate.csr Certification request stored in file </tmp/certificate.csr> Submit this to your CA

  3. Check that the new certificate has the desired common name versus a * with this command: openssl req -in /tmp/certificate.csr -noout -text

    1. Output:

 

Copyright © Datical 2012-2020 - Proprietary and Confidential