Server User Manual

WLSE Express AAA Server Certificate Configuration Guide
OL-8880-01
Chapter 2 Generating Certificates
Generating Certificates with OpenSSL
Use the following command to display the certificate:
openssl x509 -in ./ca/certs/root-cert.pem -text
Converting a CA Certificate to PKCS#12
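Use the following command sequence to convert a CA certificate to PKCS#12 format. This process is
useful for importing a CA certificate to a Windows PC for testing purposes. Because root-all.pem
concatenates the certificate with the root private key, the resulting PKCS#12 file also contains
the CA private key.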
cat ./ca/certs/root-cert.pem ./ca/private/root-key.pem > ./ca/private/root-all.pem
openssl pkcs12 -export -in ./ca/private/root-all.pem -out ./ca/certs/root-cert.p12
Creating a Server Certificate Request and RSA Key
Use the following command sequence to create a server certificate request and RSA key.
openssl req -newkey rsa:1024 -keyout ./ca/private/server-key.pem -keyform PEM \
    -out ./ca/reqs/server-req.pem -outform PEM -config ./openssl.cnf
Creating a Server Certificate from the Request
Use the following command sequence to create a server certificate from the request and reference the
certificate extensions file and required server certificate extension.
openssl x509 -req -days 365 -in ./ca/reqs/server-req.pem -CA ./ca/certs/root-cert.pem \
    -CAkey ./ca/private/root-key.pem -CAserial ./ca/serial -extfile ./ca/cert-exts.cnf \
    -extensions server_exts -out ./ca/certs/server-cert.pem
Use the following command to display the server certificate:
openssl x509 -in ./ca/certs/server-cert.pem -text
Creating a Client Certificate Request
Use the following command sequence to create a client certificate request.
openssl req -days 365 -newkey rsa:1024 -keyout ./ca/private/client-key.pem -keyform PEM \
    -out ./ca/reqs/client-req.pem -outform PEM -config ./openssl.cnf
Creating a Client Certificate from the Request
Use the following command sequence to create a client certificate from the request and reference the
certificate extensions file and required client certificate extension.
openssl x509 -req -days 365 -in ./ca/reqs/client-req.pem -CA ./ca/certs/root-cert.pem \
    -CAkey ./ca/private/root-key.pem -CAserial ./ca/serial -extfile ./ca/cert-exts.cnf \
    -extensions client_exts -out ./ca/certs/client-cert.pem
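The following script is an added example, not part of the guide: it rebuilds the same CA layout in a scratch directory and checks that each issued certificate chains to the root and is accepted only for the purpose its extension section grants. The contents of openssl.cnf and cert-exts.cnf, the subject names, the 2048-bit key size, the 30-day lifetime and the -nodes option (no key passphrase, so the run is unattended) are assumptions.

```shell
# Added example (not from the guide): issue certs as above, then verify them.

# build_demo_ca DIR: root CA plus one server and one client certificate.
build_demo_ca() {
    d=$1
    mkdir -p "$d/certs" "$d/private" "$d/reqs" || return 1
    echo 01 > "$d/serial"
    # Constructed stand-in for ./openssl.cnf (assumed contents).
    cat > "$d/openssl.cnf" <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = ca_exts
prompt = no
[ dn ]
CN = Demo Root CA
[ ca_exts ]
basicConstraints = critical, CA:TRUE
EOF
    # Constructed stand-in for ./ca/cert-exts.cnf (assumed contents).
    cat > "$d/cert-exts.cnf" <<'EOF'
[ server_exts ]
extendedKeyUsage = serverAuth
[ client_exts ]
extendedKeyUsage = clientAuth
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$d/openssl.cnf" \
        -keyout "$d/private/root-key.pem" -out "$d/certs/root-cert.pem" 2>/dev/null || return 1
    for role in server client; do
        openssl req -newkey rsa:2048 -nodes -config "$d/openssl.cnf" -subj "/CN=demo-$role" \
            -keyout "$d/private/$role-key.pem" -out "$d/reqs/$role-req.pem" 2>/dev/null || return 1
        openssl x509 -req -days 30 -in "$d/reqs/$role-req.pem" \
            -CA "$d/certs/root-cert.pem" -CAkey "$d/private/root-key.pem" \
            -CAserial "$d/serial" -extfile "$d/cert-exts.cnf" \
            -extensions "${role}_exts" -out "$d/certs/$role-cert.pem" 2>/dev/null || return 1
    done
}

# check_cert DIR ROLE PURPOSE: succeeds only if ROLE's certificate chains to
# the root and its extensions allow PURPOSE (sslserver or sslclient).
check_cert() {
    openssl verify -CAfile "$1/certs/root-cert.pem" -purpose "$3" \
        "$1/certs/$2-cert.pem" >/dev/null 2>&1
}

# key_bits DIR ROLE: print the public key size of ROLE's certificate.
key_bits() {
    openssl x509 -in "$1/certs/$2-cert.pem" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}
```

Running check_cert with the opposite purpose (for example the server certificate with sslclient) fails, which is a quick way to confirm that the intended -extensions section was actually applied when the certificate was signed.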