Create certificates

Create certificates as part of installing PEG.

Prerequisites

You can create certificates by using one of two options.
In both cases, you will need the following:
  • Unique ID (UID): Each PEG VM you run must have a unique ID. You can define the UID to be anything you want as long as it meets the following criteria:
    • Less than or equal to 18 characters in length
    • Contains only letters from a to z, numbers from 0 to 9 and/or hyphens
    • Must not begin or end with a hyphen
    • Must not contain consecutive hyphens
    • Tip: To easily create a UID, take the last 18 characters of a GUID generated from an online GUID generator.
  • The apex domain that you want to use for the PEG DNS names (for example, example.com)

Option 2 - Create your own keys and certificates

Learn how to create keys and certificates before you deploy PEG.

Keys and certificates must be in Base64 PEM format (called openssl or PKCS #8 for the key format in some systems). Create certificates according to Common Tasks - Creating the certificates. Keys must not be password protected. Also, ensure that your key files are named as listed in the Key file name column in Common Tasks - Creating the certificates.

Common Tasks - Creating the certificates

Learn how to create Base64 PEM certificates.

When you create the certificates, create six server Base64 PEM certificates (called openssl format in some systems), with domain names and file names mapped as follows, where the UID is provided to you by Process Discovery and the apex domain is the apex domain that you will use for PEG. Each certificate you create must contain only the leaf certificate and not the full chain.

Table 1. Mapping of domain names to certificate file names
Domain                               Cert file name        Key file name (Required only if you created your own keys)
analytics-fiq-<UID>.<apex domain>    analytics-cert.pem    analytics-key.pem
proxy-fiq-<UID>.<apex domain>        proxy-cert.pem        proxy-key.pem
storage-fiq-<UID>.<apex domain>      storage-cert.pem      storage-key.pem
st-fiq-<UID>.<apex domain>           st-cert.pem           st-key.pem
dlp-fiq-<UID>.<apex domain>          dlp-cert.pem          dlp-key.pem
es-fiq-<UID>.<apex domain>           es-cert.pem           es-key.pem
klite-fiq-<UID>.<apex domain>        klite-cert.pem        klite-key.pem
Note: You can create one certificate with all of the SANs. If you create your own keys, you can also create just one key. However, you will still need to make sure there are seven copies of that certificate and seven copies of that key (if you created keys) named as indicated previously. Do not create a wildcard certificate.
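
The following pre-deployment check is an added example, not part of the PEG product or its documentation. It validates a UID against the rules in the Prerequisites, derives the DNS names and file names from Table 1, and checks the leaf-only, no-password and no-wildcard requirements. The function names, the sample UID and the PEM samples are constructed for illustration, and treating "letters from a to z" as lowercase only is an assumption.

```python
import re

# Service prefixes from Table 1 on this page.
SERVICES = ["analytics", "proxy", "storage", "st", "dlp", "es", "klite"]
# Assumption: "letters from a to z" means lowercase only.
UID_RE = re.compile(r"[a-z0-9]+(?:-[a-z0-9]+)*")

def valid_uid(uid):
    """<=18 chars; a-z, 0-9, hyphen; no leading, trailing or doubled hyphen."""
    return len(uid) <= 18 and UID_RE.fullmatch(uid) is not None

def expected_files(uid, apex):
    """DNS name -> (cert file name, key file name), per Table 1."""
    if not valid_uid(uid):
        raise ValueError(f"UID {uid!r} breaks the UID rules")
    return {f"{s}-fiq-{uid}.{apex}": (f"{s}-cert.pem", f"{s}-key.pem")
            for s in SERVICES}

def check_sans(sans, uid, apex):
    """Problems with the SAN list of a certificate meant to cover every name."""
    problems = [f"wildcard SAN not allowed: {s}" for s in sans if "*" in s]
    have = {s.lower() for s in sans}
    problems += [f"missing SAN: {n}" for n in expected_files(uid, apex)
                 if n not in have]
    return problems

def check_cert_pem(text):
    """The file must hold the leaf certificate only, not the chain."""
    n = text.count("-----BEGIN CERTIFICATE-----")
    return [] if n == 1 else [f"expected 1 certificate block, found {n}"]

def check_key_pem(text):
    """The key must be PEM and not password protected."""
    if "BEGIN ENCRYPTED PRIVATE KEY" in text or "Proc-Type: 4,ENCRYPTED" in text:
        return ["key is password protected"]
    if not re.search(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----", text):
        return ["no PEM private key block found"]
    return []

# Constructed sample inputs (placeholder bodies, not real key material).
LEAF = "-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n"
CHAIN = LEAF + LEAF
ENC_KEY = ("-----BEGIN ENCRYPTED PRIVATE KEY-----\n(constructed)\n"
           "-----END ENCRYPTED PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name, files in expected_files("0a1b-2c3d4e5f", "example.com").items():
        print(name, *files)
    print(check_cert_pem(CHAIN), check_key_pem(ENC_KEY))
```

The SAN list passed to check_sans is whatever names you read from the issued certificate; the example does not parse X.509 itself.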