You must define settings in the workspace configuration file to create a CA-signed certificate.
Basic Settings

| Setting | Description | Default Value |
|---|---|---|
| action | A comma-delimited list of actions to perform. Like most settings, this can be provided on the command line or in the configuration file. However, when specifying actions on the command line, you can opt to list actions after all settings, instead of using the actual | |
| ca-intermediate-cert-filename | The file name (not the full path) of the intermediate certificate file provided in response to a CSR. This file must be located in the cacerts folder inside the current workspace. If none of the | |
| | The file name (not the full path) of the certificate response file provided in response to a CSR. This file must be located in the cacerts folder inside the current workspace. If none of the | |
| csr-filename | The file name of the CSR file to create or use. | cvct.csr |
| days-valid | The number of days that a signed certificate will remain valid from the day it is created. Some major web browsers will no longer recognize certificates that have a validity period of greater than 398 days. The recommended value for this setting is 397 days. | 397 |
| distinguished-name | The distinguished name to use when creating a CSR. A distinguished name uniquely identifies the entity that a certificate is associated with. It typically contains a Common Name, Organizational Unit, Organization, and Country, but can contain many other fields as well. | |
| domain-name | The fully qualified domain name of the server to be associated with a CA-signed certificate. | |
| instance | The name of a Commvault instance. This is used to locate Commvault-installed components such as Tomcat and the JRE. | instance001 |
| keystore-alias | An alias name used to identify your server certificate inside the keystore file. Alias names are arbitrary, but must be unique within a keystore. The same alias must be used throughout the entire process, from key generation to eventually configuring Tomcat to use your CA-signed certificate. | tomcat |
| keystore-filename | The file name of the keystore to create or use. This setting is used by most actions. The same keystore is used throughout the entire process, from key generation to eventually configuring Tomcat to use your CA-signed certificate. | cvct-keystore.pfx |
| keystore-password | The password for the keystore. It must be at least 6 characters long and for compatibility purposes it should not contain special characters. You should use a strong password. | |
| keystore-type | The type of keystore file to create or use. This should be "PKCS12" or "JKS". If the | PKCS12 |
| server-ip | The IP address of the server that you want to associate with a CA-signed certificate. | |
| workspace | The relative or absolute path of the workspace to use for performing actions. | |

Advanced Settings

These settings are for troubleshooting and other advanced usage. They should be left on their default values under normal circumstances.

| Setting | Description | Default Value |
|---|---|---|
| allow-invalid-certs | If set to true, the | false |
| extension | If this setting is configured, its value is used in place of the | |
| force-actions | If set to true, the safety checks that normally prevent certain actions from being repeated are disabled. This can lead to keystores and other files being overwritten if used improperly. | false |
| keyalg | The algorithm to generate a new key pair. | DSA |
| keysize | The size of the new key pair in bits. | 2048 |
| keytool-executable-path | The absolute path of the keytool utility to use for various certificate and keystore operations. If it is not provided, the Commvault-installed copy of keytool will be used. | |
| log-stacktraces | If set to true, logs additional information for debugging purposes. | false |
| skip-validate-keystore | Normally the | false |
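
A pre-flight check for the constraints stated in the two tables above, written as an added example (it is not Commvault code). It takes settings already parsed into a dictionary, because the configuration file syntax is not shown on this page; the function name `lint_settings`, the reading of "special characters" as anything non-alphanumeric, and the sample values are assumptions.

```python
import re

# Advanced-setting defaults, copied from the table on this page.
ADVANCED_DEFAULTS = {
    "allow-invalid-certs": "false", "force-actions": "false",
    "keyalg": "DSA", "keysize": "2048",
    "log-stacktraces": "false", "skip-validate-keystore": "false",
}

def lint_settings(settings):
    """Return (setting, message) findings for a dict of setting -> string value."""
    findings = []

    pw = settings.get("keystore-password", "")
    if len(pw) < 6:
        findings.append(("keystore-password", "shorter than 6 characters"))
    # Assumption: "special characters" means anything outside A-Z, a-z, 0-9.
    if re.search(r"[^A-Za-z0-9]", pw):
        findings.append(("keystore-password", "contains special characters"))

    days = settings.get("days-valid", "397")
    if not re.fullmatch(r"[0-9]+", days) or int(days) < 1:
        findings.append(("days-valid", "not a positive whole number"))
    elif int(days) > 398:
        findings.append(("days-valid", "longer than 398 days"))

    if settings.get("keystore-type", "PKCS12") not in ("PKCS12", "JKS"):
        findings.append(("keystore-type", "should be PKCS12 or JKS"))

    # The page asks for a file name inside the cacerts folder, not a path.
    name = "ca-intermediate-cert-filename"
    if re.search(r"[/\\]", settings.get(name, "")):
        findings.append((name, "is a path, not a file name"))

    # Advanced settings are meant to stay on their defaults.
    for name, default in ADVANCED_DEFAULTS.items():
        value = settings.get(name, default)
        if value.lower() != default.lower():
            findings.append((name, f"non-default value {value!r}"))
    return findings

# Constructed sample input, not taken from a real workspace.
SAMPLE = {
    "keystore-password": "p@ss", "days-valid": "730",
    "keystore-type": "BKS",
    "ca-intermediate-cert-filename": "cacerts/intermediate.cer",
    "force-actions": "true",
}

if __name__ == "__main__":
    for setting, message in lint_settings(SAMPLE):
        print(f"{setting}: {message}")
```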