Introduction
The Data Generator utility generates deployment-specific private keys, certificates, and keystores as needed by the web application portion of the Direct Certificate Discovery Tool.
The user is required to specify the target deployment domain at runtime, as explained below.
Command Line
The utility is invoked on the command line:
$ ./datagen.sh --help
Usage:
    datagen [--help -d <name> -o <path>]
    --help                 Print help information.
    -d (--domain) name     Domain name to generate certificates for.
    -o (--out) path        Path to the output archive file.
Required Options
-d (--domain) name Domain name to generate certificates for.
Optional Options
-o (--out) path Path to the output archive file.
- The default value of the -o (--out) option is: <script path>/../out/datagen/<domain>-data.zip
Example
$ ./datagen.sh -d localhost
Successfully built Certificate Authority (CA) entry: name=localhost_ca, path=ca, keyBits=1024, validDays=365, dn={CN=localhost_ca,O=localhost_ca}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts500_valid_cert_record, path=, keyBits=1024, validDays=365, dn={E=dts500@direct1.localhost,CN=dts500_valid_cert_record,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=othercert, path=, keyBits=1024, validDays=365, dn={E=othercert@direct1.localhost,CN=othercert,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts501_valid, path=, keyBits=1024, validDays=365, dn={E=direct1.localhost,CN=dts501_valid,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=direct9.localhost, path=, keyBits=1024, validDays=365, dn={E=direct9.localhost,CN=direct9.localhost,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts500_valid_ldap, path=, keyBits=1024, validDays=365, dn={E=dts500@direct1.localhost,CN=dts500_valid_ldap,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts501_valid_ldap, path=, keyBits=1024, validDays=365, dn={E=direct1.localhost,CN=dts501_valid_ldap,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts501_expired, path=, keyBits=1024, validDays=0, dn={E=dts501@direct1.localhost,CN=dts501_expired,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts502, path=, keyBits=4096, validDays=365, dn={E=dts502@direct1.localhost,CN=dts502,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts505_expired_cert_record, path=, keyBits=1024, validDays=0, dn={E=dts505@direct2.localhost,CN=dts505_expired_cert_record,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts505_mac, path=, keyBits=1024, validDays=365, dn={E=dts505@direct2.localhost,CN=dts505_mac,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts515_mac, path=, keyBits=1024, validDays=365, dn={E=direct2.localhost,CN=dts515_mac,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts515_address_bound, path=, keyBits=1024, validDays=365, dn={E=dts515@direct2.localhost,CN=dts515_address_bound,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts506_ldap_1_mac, path=, keyBits=1024, validDays=365, dn={E=dts506@direct2.localhost,CN=dts506_ldap_1_mac,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts506_ldap_2, path=, keyBits=1024, validDays=365, dn={E=dts506@direct2.localhost,CN=dts506_ldap_2,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts507, path=, keyBits=1024, validDays=365, dn={E=dts507@direct3.localhost,CN=dts507,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts517, path=, keyBits=1024, validDays=365, dn={E=dts517@direct3.localhost,CN=dts517,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts520_invalid_address_cert, path=, keyBits=1024, validDays=0, dn={E=dts520@direct5.localhost,CN=dts520_invalid_address_cert,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts520_invalid_domain_cert, path=, keyBits=1024, validDays=0, dn={E=direct5.localhost,CN=dts520_invalid_domain_cert,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts520_invalid_address_ldap, path=, keyBits=1024, validDays=0, dn={E=dts520@direct5.localhost,CN=dts520_invalid_address_ldap,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts520_invalid_domain_ldap, path=, keyBits=1024, validDays=0, dn={E=direct5.localhost,CN=dts520_invalid_domain_ldap,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts512_expired_address_cert, path=, keyBits=1024, validDays=0, dn={E=dts512@direct6.localhost,CN=dts512_expired_address_cert,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=expired_direct6_domain_cert, path=, keyBits=1024, validDays=0, dn={E=direct6.localhost,CN=expired_direct6_domain_cert,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts501_valid_add_ldap, path=, keyBits=1024, validDays=365, dn={E=dts501@direct1.localhost,CN=dts501_valid_add_ldap,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=direct2.localhost_invalid_dns, path=, keyBits=1024, validDays=0, dn={E=direct2.localhost,CN=direct2.localhost_invalid_dns,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts515_invalid_dns_address, path=, keyBits=1024, validDays=0, dn={E=dts515@direct2.localhost,CN=dts515_invalid_dns_address,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts515_invalid_ldap_address, path=, keyBits=1024, validDays=0, dn={E=dts515@direct2.localhost,CN=dts515_invalid_ldap_address,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully wrote output file: out/datagen/localhost-data.zip
Deployment
- The generated zip file contains all of the private keys, certificates, and keystores needed for all of the Tool test cases.
- Each certificate must be placed in its correct destination (DNS, LDAP service, address-bound, domain-bound) in accordance with the Installation Worksheet.
- The Data Loader and LDAP Loader utilities completely automate this process; using them is recommended where possible.
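
When certificates are placed by hand, an inventory of what the generator built helps when checking each entry against the Installation Worksheet. The following is an added example, not part of the Data Generator or its project: it parses the "Successfully built ..." lines shown in the Example output and lists each entry's binding, the entries built already expired (validDays=0), and the entries whose key is shorter than a threshold. The function names, the 2048-bit default threshold, and the rule that an E= value containing "@" marks an address-bound entry are assumptions made for this example.

```python
import re
from collections import Counter

# Matches the "Successfully built ..." lines shown in the Example output.
ENTRY_RE = re.compile(
    r"^Successfully built (?P<kind>Certificate Authority \(CA\)|leaf) entry: "
    r"name=(?P<name>[^,]*), path=(?P<path>[^,]*), "
    r"keyBits=(?P<key_bits>\d+), validDays=(?P<valid_days>\d+), "
    r"dn=\{(?P<dn>[^}]*)\}"
)

def parse_entries(log_text):
    """Return one dict per built entry; lines that do not match are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        dn = dict(p.split("=", 1) for p in m["dn"].split(",") if "=" in p)
        subject = dn.get("E", "")
        if m["kind"] != "leaf":
            binding = "ca"
        else:
            # Assumption: E= with "@" is a Direct address, otherwise a domain.
            binding = "address-bound" if "@" in subject else "domain-bound"
        entries.append({
            "name": m["name"], "binding": binding, "subject": subject,
            "key_bits": int(m["key_bits"]), "valid_days": int(m["valid_days"]),
        })
    return entries

def review(entries, min_key_bits=2048):
    """Summarise the inventory; min_key_bits is a reviewer-chosen threshold."""
    return {
        "by_binding": dict(Counter(e["binding"] for e in entries)),
        "built_expired": [e["name"] for e in entries if e["valid_days"] == 0],
        "short_keys": [e["name"] for e in entries if e["key_bits"] < min_key_bits],
    }

# Sample input: four lines copied from the Example output on this page.
SAMPLE = """\
Successfully built Certificate Authority (CA) entry: name=localhost_ca, path=ca, keyBits=1024, validDays=365, dn={CN=localhost_ca,O=localhost_ca}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts501_valid, path=, keyBits=1024, validDays=365, dn={E=direct1.localhost,CN=dts501_valid,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts501_expired, path=, keyBits=1024, validDays=0, dn={E=dts501@direct1.localhost,CN=dts501_expired,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts502, path=, keyBits=4096, validDays=365, dn={E=dts502@direct1.localhost,CN=dts502,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
"""

if __name__ == "__main__":
    print(review(parse_entries(SAMPLE)))
```

The entries reported under built_expired and short_keys are test fixtures for the Tool's test cases; the listing makes it easy to confirm they are only installed where the Installation Worksheet calls for them.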