Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. IT Analytics Help
  3. Section XVI. System Administration
  4. SSL Certificate Configuration
  5. Create a self-signed SSL certificate

Create a self-signed SSL certificate

Use OpenSSL open source software to create your self-signed certificate. For more information on creating self-signed certificates using OpenSSL, refer to the FAQs and documentation on the OpenSSL site at www.openssl.org.

The instructions and examples in this section are applicable for the Linux operating system. OpenSSL also may be used with the Windows operating system. Check the OpenSSL web site for specific instructions. Note that the certificate is independent of the operating system under which it was created. A self-signed certificate created on a Linux computer may be installed on a Windows web server.

You can create a self-signed certificate with multiple options depending on how you want to configure your certificate. Use the following OpenSSL command to create a self-signed certificate. The command creates two files: server.key and server.crt. You must install these files on the IT Analytics web server.

openssl req -newkey rsa:2048 -nodes -keyout server.key 
-x509 -days 365 -out server.crt

where

-x509 is used to create a certificate as opposed to a certificate request that is sent to a certificate authority

-days determines the number of days that the certificate is valid

-newkey rsa:2048 sets the key as 2048-bit RSA

-nodes specifies that no passkey will be used

-keyout specifies the name of the key file

-out specified the name of the certificate file

Example:

openssl req -newkey rsa:2048 -nodes -
keyout server.key -x509 -days 365 -out server.cert

Specify the following parameters for the command:

  • Country Name (2 letter code) [XX]: :

  • State or Province Name (full name) []:

  • Locality Name (eg, city) [Default City]:

  • Organization Name (eg, company) [Default Company Ltd]:

  • Organizational Unit Name (eg, section) []:

  • Common Name (eg, your name or your server's hostname) []:

  • Email Address []

Note:

The use of the -nodes option in the previous example creates a certificate that does not require a pass phrase. This makes it easier to install and use the certificate, but weakens the security of the certificate. If the certificate is created with a pass phrase, it must be entered when the certificate is installed and used.

The actual certificates get installed and configured on the Apache web server, however, in cases where the issuing certificate authority (CA) is not automatically trusted (such as self-signed certificates), the certificates need to be imported and trusted on the Data Collector server.

Once the self-signed certificates have been created, configure the Data Collector to trust the certificate.

Feedback

Was this page helpful?
Previous

Test and troubleshoot SSL configurations

Next

Configure the Data Collector to trust the certificate

Feedback

Was this page helpful?