Netgear SRX5308 Generating a Self Certificate Request Using OpenSSL
Netgear SRX5308 - ProSafe® Quad WAN Gigabit SSL VPN Firewall Manual
UPC - 606449065145
View all Netgear SRX5308 manuals
Add to My Manuals
Save this manual to your list of manuals |
Netgear SRX5308 manual content summary:
- Netgear SRX5308 | Generating a Self Certificate Request Using OpenSSL - Page 1
to configure a self certificate request (CSR) on one WAN interface of a NETGEAR FVX538 or FVS338 ProSafe VPN Firewall using OpenSSL to create the certificate authority. The procedure is the same for both models. This application note is an updated version using the version 2.x router firmware. The - Netgear SRX5308 | Generating a Self Certificate Request Using OpenSSL - Page 2
save it. Creating the Certificate Authority (CA) Using OpenSSL Commands This section describes how to create the CA that is used for signing the certificate request. 1. Create an RSA key pair, for example ca.key, by typing the following command where OpenSSL is installed: $ openssl genrsa -des3 -out - Netgear SRX5308 | Generating a Self Certificate Request Using OpenSSL - Page 3
an Active Self Certificate by signing the CSR with the Trusted Certificate created in Step 2 by typing the following command: $ openssl x509 certificate request and certificate authority. This lets you create VPN tunnels using certificate authentication. November 27, 2006 Copyright © 2006 NETGEAR
Application Note
Generating a Self Certificate Request Using OpenSSL
for an FVX538 or FVS338 ProSafe® VPN Firewall
Summary
This application note describes how to configure a self certificate request (CSR) on one
WAN interface of a NETGEAR FVX538 or FVS338 ProSafe VPN Firewall using
OpenSSL to create the certificate authority. The procedure is the same for both models.
This application note is an updated version using the version 2.x router firmware. The
older version of this application note describes the procedure using version 1.x firmware.
Procedure
This procedure was developed and tested using:
•
NETGEAR FVX538 ProSafe VPN Firewall with version 2.x firmware
o
IP address subnet:
192.168.1.1; 255.255.255.0
The procedure includes how to generate a self certificate request, and then how to use
OpenSSL commands to create the certificate authority.
Generating a Self Certificate Request
You can create a CSR from the
Generate Self Certificate Request
section of the
VPN
> Certificates
page (certificates.htm) by specifying the values in this procedure.
1.
In the Name field, type a name for the certificate (for example, cert1).
2.
In the Subject field, type an appropriate subject (for example, FVX538).
3.
From the Hash Algorithm drop-down menu select the appropriate algorithm (for
example, MD5).
4.
From the Signature Algorithm drop-down menu, select the RSA algorithm.
5.
From the Signature Key Length drop-down menu, select the appropriate key length
(for example, 512).
6.
In the IP Address field (optional), you can type an IP address or leave it blank.
7.
In the Domain Name field (optional), you can type a domain name or leave it blank.
8.
In the E-Mail Address field (optional), you can type an email address or leave it
blank.