Home > Cloud Cruiser 4 > Installing > Optional configurations > Creating a self-signed SSL certificate

Creating a self-signed SSL certificate

Table of contents
No headers

A self-signed SSL certificate can be created for use in preproduction testing environments. However, this is not recommended for production use since the certificate has not been signed by a certificate authority and is not trusted.

Before you begin

Creating a self-signed certificate with these instructions requires OpenSSL which is included with Cloud Cruiser Analytics Server. If you do not have Cloud Cruiser Analytics Server installed, you can download the toolkit separately.

Create a key

Open a command prompt and run the following commands

cd "<analytics server install root>\<version>\apache\bin"
SET OPENSSL_CONF=<analytics server install root>\<version>\apache\conf\openssl.cnf
openssl.exe genrsa -des3 -out yourserver.key 1024
# Enter and re-enter passphrase when prompted
openssl.exe rsa -in
yourserver.key -out yourserver.key

Generate a CSR

Run the following command

openssl.exe req -new -key yourserver.key -out yourserver.csr
# Enter values for the requested fields when prompted

Create self-signed certificate

Run the following command:

openssl.exe x509 -req -days 365 -in yourserver.csr -signkey yourserver.key -out yourserver.crt


Self-signed certificates are not trusted and result in a client warning at the beginning of each session. All clients of servers which are using self-signed certificates will need to explicitly ignore the warning or add the certificate to the Trusted Root Certification Authorities store. Note that the Cloud Cruiser server is considered a client of the analytics server and also has this requirement when using a self-signed certificate on the analytics server.

Add a certificate to the Java runtime's default certificate store (required on Cloud Cruiser server if using a self-signed certificate on the analytics server)

Open an administrator command prompt and run the following commands:

  • cd "C:\Program Files\Java\jre7\bin"
  • keytool -importcert -keystore ..\lib\security\cacerts -file <path to>\yourserver.crt -alias tableau
    When prompted for keystore password, use default of: changeit

Add a certificate to the Trusted Root Certification Authorities store (required for all advanced analytics client machines if using a self-signed certificate on the analytics server)

  1. From a web browser, navigate directly to the analytics server portal and export the server certificate to a local file
  2. Run certmgr.msc
  3. Right-click Trusted Root Certification Authorities and select All Tasks > Import.
  4. Browse to the exported certificate and complete the import process.
Last modified



This page has no classifications.
© Copyright 2018 Hewlett Packard Enterprise Development LP