.. where pkcs12_file is the PKCS12 file issued by the CA and local_certificate.pem is
the local public key certificate to be uploaded into the CyberGuard SG appliance.
When the application prompts you to Enter Import Password, enter the password used
to create the certificate. If none was used, simply press Enter.
To extract the local private key certificate, enter the following at the Windows
command prompt:
openssl pkcs12 -nomacver -nocerts -in pkcs12_file -out local_private_key.pem
.. where pkcs12_file is the PKCS12 file issued by the CA and local_private_key.pem is
the local private key certificate to be uploaded into the CyberGuard SG appliance.
When the application prompts you to Enter Import Password, enter the password used
to create the certificate. If none was used, simply press Enter. When the application
prompts you to Enter PEM pass phrase, choose a secure pass phrase that is longer
than 4 characters. This pass phrase secures the private key file, and it is
the same pass phrase you enter when uploading the private key certificate into the
CyberGuard SG appliance. Verify the pass phrase by typing it in again.
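The two extractions described above, followed by a check that the resulting certificate and private key belong together before they are uploaded. This is an added example, not part of the original manual. It is written for a POSIX shell rather than the Windows command prompt (the openssl arguments are the same), and the function names, passwords and sample bundle are constructed for illustration.

```shell
#!/bin/sh
# Added example: extract both PEM files from a PKCS12 bundle and confirm they pair up.
# pass: arguments are used only so this runs unattended; interactively, let openssl prompt.

# Build a throwaway PKCS12 bundle (constructed sample, not a CA-issued file).
make_sample_p12() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=sample-sg-peer" \
        -keyout "$dir/tmp_key.pem" -out "$dir/tmp_cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$dir/tmp_key.pem" -in "$dir/tmp_cert.pem" \
        -passout pass:import-pw -out "$dir/pkcs12_file" 2>/dev/null
}

# Write local_certificate.pem and local_private_key.pem into directory $4.
# Runs in a subshell so umask 077 (owner-only files) does not leak to the caller.
extract_pair() (
    p12=$1; import_pw=$2; pem_pw=$3; out=$4
    umask 077
    openssl pkcs12 -nomacver -clcerts -nokeys -in "$p12" \
        -passin "pass:$import_pw" -out "$out/local_certificate.pem" 2>/dev/null &&
    openssl pkcs12 -nomacver -nocerts -in "$p12" \
        -passin "pass:$import_pw" -passout "pass:$pem_pw" \
        -out "$out/local_private_key.pem" 2>/dev/null
)

# Succeeds only if the certificate's public key equals the one derived from the
# private key. A wrong PEM pass phrase makes the key unreadable and fails the check.
pair_matches() {
    cert=$1; key=$2; pem_pw=$3
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -passin "pass:$pem_pw" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Demo run on the constructed bundle.
work=$(mktemp -d) && make_sample_p12 "$work" &&
extract_pair "$work/pkcs12_file" import-pw demo-pem-phrase "$work" &&
pair_matches "$work/local_certificate.pem" "$work/local_private_key.pem" demo-pem-phrase &&
echo "certificate and private key match"
rm -rf "$work"
```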
The CyberGuard SG appliance also supports Certificate Revocation List (CRL) files. A
CRL is a list of certificates that have been revoked by the CA before they have expired.
This may be necessary if the private key certificate has been compromised or if the
holder of the certificate is to be denied the ability to establish a tunnel to the CyberGuard
SG appliance.
Creating certificates
There are two steps to create self-signed certificates. First, create a single CA certificate;
second, create one or more local certificate pairs and sign them with the CA certificate.
Create a CA certificate
Create the CA directory:
mkdir rootCA
Create the serial number for the first certificate:
echo 01 > rootCA/serial