Generating certificates manually with GenSSLCertsU

Setup Assistant and CIC generate most certificates automatically. However, there are situations in which you must generate certificates manually, as shown in the following examples:

  • If your organization wants to serve as its own Certificate Authority and sign its own certificates

  • If the folder containing your certificates on the CIC server is deleted or corrupted

    Note:
    Make backups! Back up your certificates folder, typically in \I3\IC\Certificates, so that you have spare copies of all your certificates. However, if you do not have a backup copy of your certificates, you can use the GenSSLCertsU.exe utility to regenerate them.

By default, GenSSLCertsU.exe is installed in the following directory path:

D:\I3\IC\

To generate or regenerate certificates, execute GenSSLCertsU.exe with the -w parameter as displayed in the following example:

D:\I3\IC\gensslcertsu -w

Note:
Except for its own optional parameters, you cannot combine gensslcertsu -w with other parameters, such as -r and -d. For more information on all gensslcertsu.exe parameters, see "Generating Certificates Manually with GenSSLCertsU" in the CIC PureConnect Security Features Technical Reference at https://help.genesys.com/pureconnect/secure/download.aspx?path=/Service%20Updates/doc/pureconnect/Security_Features_TR.pdf.

You can also specify additional parameters after the -w parameter as defined in the following table:

Parameter Description

-m CNName

The -m CNName parameter specifies the common name of the certificate subject. Use the Fully-Qualified Domain Name of the host.

Example:

gensslcertsu -w -m server1.example.com

-h Path

The -h Path parameter specifies the directory path for the certificate and the private key. By default, the certificate and its private key are stored in the following CIC subdirectory:

Certificates\HTTPS

For a default installation on the CIC server, the full path is as follows:

D:\I3\IC\Certificates\HTTPS

Note:

The path must exist and gensslcertsu.exe must have access rights to create and write files to the folder.

Example:

gensslcertsu -w -m server1.example.com -h \Certificates\HTTPS

[NotifierHost] [ICUserName [ICUserPassword]]

Tip:

Square brackets ([]) indicate optional additions. You can include the brackets in your gensslcertsu -w command or not.

The NotifierHost option specifies the CIC server host name, which provides the Notifier communication protocol.

Example:

gensslcertsu -w -m server1.example.com MyCICServer

The ICUserName option specifies the name of a CIC user account under which this command has access rights to generate certificates. Use this option only if you use the NotifierHost option.

Note:

If you do not specify the ICUserName option, gensslcertsu.exe uses the account of the current logged-in user.

Example:

gensslcertsu -w -m server1.example.com MyCICServer Admin

The ICUserPassword option specifies the password of the CIC user account specified with the ICUserName option. Use this option only if you use the ICUserName option.

Example:

gensslcertsu -w -m server1.example.com MyCICServer Admin 1234

[-a SHAAlgorithm]

The -a SHAAlgorithm option specifies that gensslcertsu -w creates certificates using the SHA1 or SHA256 signature digest algorithm.

Substitute one of the following items for the SHAAlgorithm parameter:

  • sha1

  • sha256

Note:

If you do not specify the SHAAlgorithm parameter, gensslcertsu.exe uses the SHA1 signature digest algorithm.

Example:

gensslcertsu -w -m server1.example.com -a sha256

[-e]

The -e option directs gensslcertsu -w to use existing certificates. Use this option with the -a option to reuse existing certificate information and key pairs when changing the signature digest algorithm.

Example:

gensslcertsu.exe -w -m server1.example.com -a sha1 -e
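
Because gensslcertsu.exe falls back to SHA1 when -a is omitted, it is worth checking which signature digest the generated certificates actually carry. The following PowerShell script is an added example, not part of the Genesys documentation or tooling; it assumes the certificate files in the folder use a .cer extension and are DER- or PEM-encoded X.509, so adjust the filter to match your installation.

```powershell
# Added example: audit certificates for weak signature digests after running gensslcertsu -w.
# Assumptions (not from the page): files use a .cer extension and are DER- or
# PEM-encoded X.509 certificates. Change -Filter if your installation differs.
param(
    [string]$CertDir = 'D:\I3\IC\Certificates\HTTPS',  # default HTTPS path given on the page
    [string]$Filter  = '*.cer'                          # assumed extension
)

function Get-CertSignatureReport {
    param([string]$Path, [string]$Filter)

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw "Certificate folder not found: $Path"
    }

    Get-ChildItem -LiteralPath $Path -Filter $Filter -File | ForEach-Object {
        $file = $_
        try {
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $file.FullName
            $alg  = $cert.SignatureAlgorithm.FriendlyName   # for example sha1RSA or sha256RSA
            [pscustomobject]@{
                File      = $file.Name
                Subject   = $cert.Subject
                NotAfter  = $cert.NotAfter
                Algorithm = $alg
                Weak      = ($alg -match '(?i)sha1|md5')
            }
        } catch {
            # Unreadable or non-certificate file: report it instead of skipping silently
            [pscustomobject]@{
                File = $file.Name; Subject = $null; NotAfter = $null
                Algorithm = "unreadable: $($_.Exception.Message)"; Weak = $null
            }
        }
    }
}

$report = @(Get-CertSignatureReport -Path $CertDir -Filter $Filter)
$report | Format-Table -AutoSize

# A non-zero exit code lets a scheduled task or deployment step fail on weak digests
$weak = @($report | Where-Object { $_.Weak })
if ($weak.Count -gt 0) {
    Write-Warning "$($weak.Count) certificate(s) use a SHA-1 or MD5 signature; rerun gensslcertsu -w with -a sha256."
    exit 1
}
```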