Lantronix PremierWave XC PremierWave XC - User Guide - Page 96

Obtaining Certificates, Self-Signed Certificates, Certificate Formats, OpenSSL, PremierWave XC.

Get Lantronix PremierWave XC PDF manuals and user guides View all Lantronix PremierWave XC manuals
Add to My Manuals
Save this manual to your list of manuals

Page 96 highlights

14: Security in Detail the exception of the root CA. This way, trust is transferred along the chain, from the root CA through any number of intermediate authorities, ultimately to the agent that needs to prove its authenticity. Obtaining Certificates Signed certificates are typically obtained from well-known CAs, such as VeriSign. This is done by submitting a certificate request for a CA, typically for a fee. The CA will sign the certificate request, producing a certificate/key combo: the certificate contains the identity of the owner and the public key, and the private key is available separately for use by the owner. As an alternative to acquiring a signed certificate from a CA, you can act as your own CA and create self-signed certificates. This is often done for testing scenarios, and sometimes for closed environments where the expense of a CA-signed root certificate is not necessary. Self-Signed Certificates A few utilities exist to generate self-signed certificates or sign certificate requests. The PremierWave XC also has the ability to generate its own self-signed certificate/key combo. You can use XML to export the certificate in PEM format, but you cannot export the key. Hence the internal certificate generator can only be used for certificates to identify that particular PremierWave XC. Certificate Formats Certificates and private keys can be stored in several file formats. Best known are PKCS12, DER and PEM. Certificate and key can be in the same file or in separate files. Additionally, the key can be either be encrypted with a password or left in the clear. However, the PremierWave XC currently only accepts separate PEM files, with the key unencrypted. Several utilities exist to convert between the formats. OpenSSL OpenSSL is a widely used open source set of SSL related command line utilities. It can act as server or client. It can also generate or sign certificate requests, and can convert from and to several different of formats. OpenSSL is available in binary form for Linux and Windows. To generate a self-signed RSA certificate/key combo: openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mp_key.pem -out mp_cert.pem See www.openssl.org or www.madboa.com/geek/openssl for more information. Note: Signing other certificate requests is also possible with OpenSSL but the details of this process are outside the scope of this document. PremierWave XC User Guide 96

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
14: Security in Detail
PremierWave XC User Guide
96
the exception of the root CA. This way, trust is transferred along the chain, from the root CA
through any number of intermediate authorities, ultimately to the agent that needs to prove its
authenticity.
Obtaining Certificates
Signed certificates are typically obtained from well-known CAs, such as VeriSign.
This is done by
submitting a certificate request for a CA, typically for a fee.
The CA will sign the certificate
request, producing a certificate/key combo: the certificate contains the identity of the owner and
the public key, and the private key is available separately for use by the owner.
As an alternative to acquiring a signed certificate from a CA, you can act as your own CA and
create self-signed certificates. This is often done for testing scenarios, and sometimes for closed
environments where the expense of a CA-signed root certificate is not necessary.
Self-Signed Certificates
A few utilities exist to generate self-signed certificates or sign certificate requests. The
PremierWave XC also has the ability to generate its own self-signed certificate/key combo. You
can use XML to export the certificate in PEM format, but you cannot export the key. Hence the
internal certificate generator can only be used for certificates to identify that particular
PremierWave XC.
Certificate Formats
Certificates and private keys can be stored in several file formats. Best known are PKCS12, DER
and PEM. Certificate and key can be in the same file or in separate files. Additionally, the key can
be either be encrypted with a password or left in the clear. However, the PremierWave XC
currently only accepts separate PEM files, with the key unencrypted.
Several utilities exist to convert between the formats.
OpenSSL
OpenSSL is a widely used open source set of SSL related command line utilities. It can act as
server or client. It can also generate or sign certificate requests, and can convert from and to
several different of formats.
OpenSSL is available in binary form for Linux and Windows.
To generate a self-signed RSA certificate/key combo:
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mp_key.pem
-out mp_cert.pem
See
www.openssl.org or www.madboa.com/geek/openssl
for more information.
Note:
Signing other certificate requests is also possible with OpenSSL but the details of
this process are outside the scope of this document.