Grandstream Networks GWN7000 Configuration Manual page 10

Key Length
Digest Algorithm
Lifetime (days)
Country Code
State or Province
City
Organization
Email Address
3. Click on
Click on button to export the server certificate file in ".crt" format.
Click on button to export the server key file in ". key" format.
Click on button to revoke the server certificate if no longer needed.
Notes:
•
The server certificates (.crt and .key) will be used by the GWN7000 when acting as a server.
•
The server certificates (.crt and .key) can be exported and used on another OpenVPN® server.
❖ Creating Client Certificate
To create client certificate, follow below steps:
Choose the key length for generating the server certificate.
Following values are available:
•
1024: 1024-bit keys are no longer sufficient to protect
against attacks. Not recommended.
•
2048: 2048-bit keys are a good minimum. Recommended.
•
4096: 4096-bit keys are accepted by nearly all RSA
systems. Using 4096-bit keys will dramatically increase
generation time, TLS handshake delays, and CPU usage for
TLS operations.
Choose the digest algorithm:
•
SHA1: This digest algorithm provides a 160-bit fingerprint
output based on arbitrary length input.
•
SHA-256: This digest algorithm generates an almost-
unique, fixed size 256-bit (32-byte) hash. Hash is a one-way
function – it cannot be decrypted back
Enter the validity date for the server certificate in days.
In our example, set to "120".
Select a country code from the dropdown list.
In our example, set to "MA".
Enter a state name or province.
In our example, set to "Casablanca".
Enter a city name.
In our example, set to "Casablanca".
Enter the organization name.
In our example, set to "GS".
Enter an email address.
In our example its "Cert@grandstream.com".
button after completing all the fields for the server certificate.
GWN7000 VPN Guide
P a g e | 10