Create certificates
- Updated: 2023/01/27
Create certificates
Create certificates as part of installing PEG.
Prerequisites
- Option 1:PEG generates keys and CSRs.
- Option 2: Create your own keys and certificates.
-
Unique ID (UID): Each PEG VM you run must have a unique id. You can define the UID to be anything you want as long as it meets the following criteria:
- Less than or equal to 18 characters in length
- Contains only letters from a to z, numbers from 0 to 9 and/or hyphens
- Must not begin or end with a hyphen
- Must not contain consecutive hyphens
-
Tip: To easily create a UID, take the last 18 characters of a GUID generated from an online GUID generator.
- The apex domain that you want to use for the PEG DNS names (for example, example.com)
Option 2 - Create your own keys and certificates
Learn how to create keys and certificates before you deploy PEG.
Keys and certificates must be in Base64 PEM format (called openssl or PKCS #8 for the key format in some systems). Create certificates according to Common Tasks - Creating the certificates. Keys must not be password protected. Also, ensure that your keys match the file names in the Key File Name column of, Common Tasks - Creating the certificates.
Common Tasks - Creating the certificates
Learn how to create Base64 PEM certificates.
When you create the certificates, create six server Base64 PEM certificates (called openssl format in some systems), with domain names and file names mapped as follows, where the UID is provided to you by Process Discovery and the apex domain is your apex domain that you will use for PEG. Each certificate you create must just contain the leaf certificate and not the full chain.
Domain | Cert file name | Key file name (Required only if you created your own keys) |
---|---|---|
analytics-fiq-<UID>.<apex domain> | analytics-cert.pem | analytics-key.pem |
proxy-fiq-<UID>.<apex domain> | proxy-cert.pem | proxy-key.pem |
storage-fiq-<UID>.<apex domain> | storage-cert.pem | storage-key.pem |
st-fiq-<UID>.<apex domain> | st-cert.pem | st-key.pem |
dlp-fiq-<UID>.<apex domain> | dlp-cert.pem | dlp-key.pem |
es-fiq-<UID>.<apex domain> | es-cert.pem | es-key.pem |
klite-fiq-<UID>.<apex domain> | klite-cert.pem | klite-key.pem |