Skip to main content
Skip table of contents

Creating TLS Certificates for Other Hosts

Occasionally, you need to generate new certificates for other hosts. This can be other EJBCA hosts or even a server running Apache. You can always use other EJBCA protocols such as ACME to do this, but you can also do it on the EJBCA Cloud host directly with the scripts provided.

To generate new certificates for other hosts, do the following:

  1. SSH into the CA server and navigate to the /opt/PrimeKey/support directory.
  2. To generate TLS certificates for another host on the EJBCA Cloud CA host, use the script.
    Since many hosts will most likely have two IP addresses and two DNS addresses, those are indicated with the -d and -i flags. In this example, use the alternate name of simulating an alternate name to reference this host by. In this case, the IP and DNS names the host has are:
    • ip-172-31-0-115.ec2.internal
      # /opt/PrimeKey/support/ -d -d -d ip-172-31-0-115.ec2.internal -i -i
  3. The script will prompt to request to generate the certificates in the format that Apache will expect them on the RA.
  4. Choose Y and press Enter. It will output the following files into the /home/ec2-user/pem directory for easy copying.

    The following three files are output:
    • The issuing CA certificate.
    • server-mgmt.key: The private key for the device certificate.
    • server-mgmt.pem: The device public certificate.
  5. Copy these files to the server they will be used on and put them into place for your particular use case.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.