Step 2: Create the local signature config file

Edge for Private Cloud v4.19.01

After you create the local private key for a node, create its signature configuration file. Each node must have its own version of the signature configuration file.

The following example shows the syntax for a signature configuration file:

[req]
distinguished_name = req_distinguished_name
attributes = req_attributes
prompt = no

[ req_distinguished_name ]
C=COUNTRY_NAME
ST=STATE_NAME
L=CITY_NAME
O=ORG_OR_BUSINESS_NAME
OU=ORG_UNIT
CN=ORG_DEPARTMENT

[ req_attributes ]

[ cert_ext ]
subjectKeyIdentifier=hash
keyUsage=critical,keyEncipherment,dataEncipherment
extendedKeyUsage=serverAuth,clientAuth
subjectAltName=@alt_names

[alt_names]
DNS.1=localhost
DNS.2=ipv4-localhost
DNS.3=ipv6-localhost
DNS.4=cli.[dc-1|dc-2].consul
DNS.5=client.[dc-1|dc-2].consul
DNS.6=server.[dc-1|dc-2].consul
DNS.7=FQDN
# ADDITIONAL definitions, as needed:
DNS.8=ALT_FQDN_1
DNS.9=ALT_FQDN_2

# REQUIRED (at least 1 IP address plus localhost definitions)
IP.1 = IP_ADDRESS
IP.2=0.0.0.0
IP.3=127.0.0.1
IP.4=::1
# ADDITIONAL definitions, as needed:
IP.5=ALT_IP_ADDRESS_1
IP.6=ALT_IP_ADDRESS_2
...

The following table describes the properties in the signature configuration file:

Property Required? Description
C A two-letter code for the nation in which the server is running.
ST The state/province in which the server is running.
L The city in which the server is running.
O The name of the business running the server.
OU Sub-division within the business.
CN Sub-division within the business.
DNS.[1...] DNS servers used by Consul. You must set DNS.1 through DNS.7.

For single data center configurations, use dc-1, as the following example shows:

...
[alt_names]
DNS.1=localhost
DNS.2=ipv4-localhost
DNS.3=ipv6-localhost
DNS.4=cli.dc-1.consul
DNS.5=client.dc-1.consul
DNS.6=server.dc-1.consul
DNS.7=FQDN
...

FQDN is the Fully Qualified Domain Name of the network server that will use this certificate. For example, nickdanger.la.corp.example.com.

To get the FQDN on a Linux server, use the following command:

hostname --fqdn

For multi-data center configurations, use either dc-1 or dc-2, depending on the REGION value in the node’s local silent.conf file. For more information, see Configure multiple data centers.

IP.[1...]

Set IP.1 to the valid IPv4 address that every member of the cluster (including cross-data center traffic) observes this node as.

In addition, Apigee requires that you include the following localhost definitions:

# REQUIRED (at least 1 IP address plus localhost definitions)
IP.1=216.3.128.12
IP.2=0.0.0.0
IP.3=127.0.0.1
IP.4=::1

If the node uses more than one IP address to communicate with other nodes, then specify additional IP addresses, each on a separate line; for example:

# REQUIRED (at least 1 IP address plus localhost definitions)
IP.1=216.3.128.12
IP.2=0.0.0.0
IP.3=127.0.0.1
IP.4=::1
# ADDITIONAL definitions, as needed:
IP.5=192.0.2.0
IP.6=192.0.2.1

Next Step

1 2 NEXT: (3) Build the request 4 5