Wiki Admin

dsssslgen - DSS 6 | Data Source Solutions Documentation

Export as HTML Export as PDF Export as DOCX
Edit

Documentation: dsssslgen - DSS 6 | Data Source Solutions Documentation

dsssslgen

Usage

<b>dsssslgen</b> [<b>-</b><em>options</em>] <em>fname</em> <em>subj</em>

Description

Command dsssslgen generates a public certificate, a private key, and a private key password required for the TLS Connection. These files together with the private key password are required for establishing a secure encrypted connection between the DSS hub and remote locations. Both files (private key and public key) are needed on the remote machine, however, only the public key file must be copied to the hub machine.

By default, the generated key's length is 2048 bits, and the private key is encrypted using aes-256-cbc algorithm and the SSL certificate is signed using sha256 hash algorithm. This can be customized by using the options available for dsssslgen.

Command argument fname is used for naming the key files. The public certificate file is named fname.pub_cert and the corresponding private key file is named fname.priv_key.

The second argument subj is written as plain text into the subject field of the X509 public certificate file and serves for reference purposes only. If argument subj contains two or more words with space between them, then it must be enclosed in double quotes. For example, "Certificate for Cloud".

For establishing a secure encrypted connection between the DSS Hub and DSS Agent, the certificate and key files are generated automatically. So, manually generating them using dsssslgen may be required only for troubleshooting/recovery in case of any issues. For more information about agent connection, see the DSS Agent concept page.

Options

This section describes the options available for the command dsssslgen.

Parameter Description
-abits

Generate an asymmetric (RSA) key pair with length bits.

The default is 2048 bits.
-ddir Generate files in directory dir instead of current directory.
-eenc_alg

Encrypt the private key using an internal password with encryption algorithm enc_alg.

Valid values for enc_alg are:

  • aes-128-cbc
  • aes-192-cbc
  • aes-256-cbc default
  • aes-128-cfb
  • aes-192-cfb
  • aes-256-cfb
  • aes-128-ecb
  • aes-192-ecb
  • aes-256-ecb
  • des-56-cbc
  • des-168-cbc
-hhash_alg

Sign the SSL certificate using hash algorithm hash_alg.

Valid values for hash_alg are:

  • sha1
  • sha256 default

  • sha512

  • md5

Example

Run the following command to generate the private key and public certificate key pair, as well as a password for the private key:

dsssslgen MyCertificate "Certificate for Cloud"

If you are configuring the DSS hub server's TCP listening port to use an HTTPS connection, the password generated in the command output must be supplied along with the private key and public certificate.

Sample output:

dsssslgen: DSS 6.1.0/7 (linux_glibc2.17-x64-64bit)

dsssslgen: Generating SSL key pair...

dsssslgen: Generating SSL key pair completed.

dsssslgen: Certificate subject: 'DSS Certificate for Cloud'

dsssslgen: Certificate contains 2048 bit RSA Public Key.

dsssslgen: Certificate valid from Jun 29 08:51:54 2022 GMT

dsssslgen: Certificate valid until Jun 24 08:51:55 2042 GMT

dsssslgen: Public Certificate written to 'MyCertificate.pub_cert'.

dsssslgen: Private key written to 'MyCertificate.priv_key'.

dsssslgen: Private key password: uSMxU9gcSZr/wEFk+OyJQk7LGEK5hyPGBOZcsfsO

dsssslgen: Finished. (elapsed=0.06s)