Advantage Database Server

TLS Certificate Script

Advantage Concepts

TLS Certificate Script

Advantage Concepts

Previous topic Next topic  

TLS Certificate Script

Advantage Concepts

Previous topic Next topic  

If you run the following commands (e.g., in a Windows batch file), it produces a clientcert.pem file, which is the file specified in the client's connection option TLSCertificate.  It also produces a servercert.pem file, which is referred to by the server configuration parameter TLS_KEY_FILE.


To use this script, place it in a directory such as c:\adscert along with the openssl.cnf file. Make sure the "dir" key value in the openssl.cnf file matches the directory you choose.



if not exist private md private

if not exist certs md certs


if not exist index.txt copy NUL index.txt

if not exist serial echo 01 > serial



set OPENSSL_CONF=.\openssl.cnf


rem This creates clientcert.pem, which is the public root certificate for our "CA"

rem The private key ends up in the private directory (specified in the .cnf file by the

rem private_key value)

openssl req -x509 -newkey rsa:2048 -out clientcert.pem -outform PEM -passout pass:mypassword


rem  The result of this is:

rem   testkey.pem:  The private key

rem   testreq.pem:  The certificate request

openssl req -sha1 -newkey rsa:2048 -passout pass:mypassword -keyout testkey.pem -keyform PEM -out testreq.pem -outform PEM -subj /C=us/ST=ST/L=MyCity/


rem This creates the signed certificate

openssl ca -in testreq.pem -passin pass:mypassword -out signedcert.pem



rem Combine the private key and the signed certificate into a single PEM file

rem for the server.

copy /b testkey.pem+signedcert.pem servercert.pem