Table of Contents
Advertisement
Create an empty CA database file under Windows:
type nul > rootCA/index.txt
.. or under Linux:
touch rootCA/index.txt
Create the CA certificate, omit the –nodes option if you want to use a password to
secure the CA key:
openssl req -config openssl.cnf -new -x509 -keyout
rootCA/ca.key -out rootCA/ca.pem -days DAYS_VALID -nodes
.. where DAYS_VALID is the number of days the root CA is valid for.
Create local certificate pairs
For each local certificate you wish to create, there are two steps.
First, create the certificate request:
openssl req -config openssl.cnf -new -keyout cert1.key -out
cert1.req
Enter a PEM pass phrase (this is the same pass phrase required when you upload the
key to the CyberGuard SG appliance) and then the certificate details. All but the
Common Name are optional and may be omitted.
Second, sign the certificate request with the CA:
openssl ca -config openssl.cnf -out cert1.pem -notext -infiles
cert1.req
You now have a local certificate pair, the local public certificate cert1.pem and the local
private key certificate cert1.key, ready to use in the CyberGuard SG appliance.
For each certificate required, change the cert1.* filenames appropriately.
Virtual Private Networking
220
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
Need help?
Do you have a question about the SG300 and is the answer not in the manual?
Questions and answers