Tripp Lite B097048INT Owners Manual for B093- B097- and B098-Series Console Se - Page 36
Prepare a USB Drive and Create the X.509 Certificate and Private Key, client.pem, ca-bundle.crt
View all Tripp Lite B097048INT manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 36 highlights
3. System Configuration Prepare a USB Drive and Create the X.509 Certificate and Private Key • Generate the CA certificate so the client and server Certificate Signing Requests (CSRs) can be signed. # cp /etc/ssl/openssl.cnf . # mkdir -p exampleCA/newcerts # echo 00 > exampleCA/serial # echo 00 > exampleCA/crlnumber # touch exampleCA/index.txt # openssl genrsa -out ca.key 8192 # openssl req -new -x509 -days 3650 -key ca.key -out demoCA/cacert.pem \ -subj /CN=ExampleCA # cp demoCA/cacert.pem ca-bundle.crt Note: This procedure generates a certificate called ExampleCA, but any allowed certificate name can be used. Also, this procedure uses openssl ca. If your organization has an enterprise-wide, secure CA generation process, that should be used instead. • Generate the server certificate. # openssl genrsa -out server.key 4096 # openssl req -new -key server.key -out server.csr -subj /CN=demo.example.com # openssl ca -days 365 -in server.csr -out server.crt \ -keyfile ca.key -policy policy_anything -batch -notext Note: The hostname or IP address must be the same string as will be used in the serving URL. In the example above, the hostname is demo.example.com. • Generate the client certificate. # openssl genrsa -out client.key 4096 # openssl req -new -key client.key -out client.csr -subj /CN=ExampleClient # openssl ca -days 365 -in client.csr -out client.crt \ -keyfile ca.key -policy policy_anything -batch -notext # cat client.key client.crt > client.pem • Format a USB flash drive as a single FAT32 volume. • Move the client.pem and ca-bundle.crt files onto the flash drive's root directory. 36