HP Cisco MDS 9140 Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 256
Generating CA Certificates
View all HP Cisco MDS 9140 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 256 highlights
Generating CA Certificates Appendix D RSA Key Manager and Cisco SME Send documentation comments to [email protected] Generating CA Certificates Generating CA certificates requires access to an OpenSSL system. You can obtain a Windows version at http://gnuwin32.sourceforge.net/packages/openssl.htm. The files that are created during this process are stored in the /bin directory of the OpenSSL program. To generate CA certificates, do the following: Step 1 Step 2 Double-click openssl.exe in the directory. Create the key using the OpenSSL application. Enter the following command: OpenSSL> genrsa -out rt.key 1024 Loading 'screen' into random state - done Generating RSA private key, 1024 bit long modulus e is 65537 (0x10001) Step 3 Set how long the certificate will be valid. Keep track of this date. Note Use a different common name for the client and server certificates. OpenSSL> req -new -key rt.key -x509 -days 365 -out rt.cert You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []:home Email Address []: Step 4 Create the proper pkcs12 certificate. The export password is the password needed by the Cisco SME RSA installation. OpenSSL> pkcs12 -export -in rt.cert -inkey rt.key -out rt.p12 Loading 'screen' into random state - done Enter Export Password: Verifying - Enter Export Password: Step 5 Generate a new key for the client. OpenSSL> genrsa -out client.key 1024 Loading 'screen' into random state - done Generating RSA private key, 1024 bit long modulus e is 65537 (0x10001) Step 6 Create the client.csr file. This is the owner. The common name must be different from the issuer home. Cisco MDS 9000 Family Storage Media Encryption Configuration Guide D-2 OL-18091-01, Cisco MDS NX-OS Release 4.x