HP e-Commerce / XML director server appliance sa8250 - Users Guide
Appendix B
Generating a CRL
NOTE: To acquire a copy of OpenSSL for your environment, access the OpenSSL website at http://www.openssl.org.
This procedure shows how to generate a Certificate Revocation List
(CRL) using OpenSSL. The SA8250 cannot use CRLs with more
than 10,000 serial numbers.
1. If you have not already done so, create a working directory where
all the keys and certificates will be stored.
2. If you have not already done so, copy the file openssl.cnf from
the OpenSSL source directory.
3. Create a private key for the SA8250 CA certificate by typing this
command:
openssl genrsa -out ca_key.pem 1024
NOTE: Most of these commands use the openssl.cnf file. Make sure the information presented in this file is accurate and that it reflects the directory structure used. Filenames and directory names are both important for these commands to work properly. For more information on how to use openssl, visit http://www.openssl.org.
4. Create the SA8250 CA certificate by typing this command:
openssl req -new -x509 -config openssl.cnf -key ca_key.pem -out ca_cert.pem
5. Import this file to the SA8250.
6. Create a private key for the signing request by typing this
command:
openssl genrsa -out clientkey1.pem 1024
7. Generate a signing request by typing this command:
openssl req -new -config openssl.cnf -key clientkey1.pem -out clientrequest1.pem
8. Repeat steps (6) and (7) above for each additional client
certificate, incrementing clientrequest1.pem by one digit each time.
9. Sign all the requests generated above by typing this command:
openssl ca -keyfile ca_key.pem -cert ca_cert.pem -infiles clientrequest1.pem clientrequest2.pem clientrequest3.pem ...
10. For all client certificates, create a CRL by typing this command:
openssl ca -gencrl -out crl.pem
11. Import this file to the SA8250.
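
Before importing crl.pem in step 11, it can be checked against the 10,000 serial number limit stated above and against ca_cert.pem. The script below is an added example, not part of the HP guide; the function names and the SA8250_MAX_SERIALS variable are hypothetical, and it assumes the file names used in the steps.

```shell
#!/bin/sh
# Pre-import check for a CRL produced by the procedure above (added example).
# The limit is the one the guide states; all names here are hypothetical.
SA8250_MAX_SERIALS=10000

# Count revoked entries in the text form of a CRL read from stdin,
# i.e. the output of `openssl crl -noout -text`.
count_serials() {
    grep -c '^[[:space:]]*Serial Number:' || true   # prints 0 when none match
}

# Succeed only if the argument is a number within the appliance limit.
within_limit() {
    case "$1" in ''|*[!0-9]*) return 2 ;; esac
    [ "$1" -le "$SA8250_MAX_SERIALS" ]
}

# Verify the CRL signature against the CA certificate. The result is taken
# from the "verify OK" message rather than from the exit status.
crl_signed_by() {   # usage: crl_signed_by crl.pem ca_cert.pem
    openssl crl -in "$1" -CAfile "$2" -noout 2>&1 | grep -q 'verify OK'
}

# Full check: signature first, then the entry count against the limit.
check_crl() {       # usage: check_crl crl.pem ca_cert.pem
    crl_signed_by "$1" "$2" || { echo "CRL not signed by $2" >&2; return 1; }
    n=$(openssl crl -in "$1" -noout -text | count_serials)
    within_limit "$n" || {
        echo "CRL has $n entries (limit $SA8250_MAX_SERIALS)" >&2
        return 1
    }
    echo "OK: $n revoked serial numbers"
}

# Run as: sh check_crl.sh crl.pem ca_cert.pem
if [ "$#" -eq 2 ]; then
    check_crl "$1" "$2"
fi
```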