Manualshelf

User's Manual

ManualsBrandsIngenu ManualsElectronicsULP Tracker
16171819202122232425
LKS User Guide Creating SSL Certificates
On-Ramp Wireless Confidential and Proprietary 19 010-0059-00 Rev. A
Email Address []:support@onrampwireless.com
A challenge password []:<leave blank>
An optional company name []:<leave blank>
5. After the CSR file has been created, transfer the CSR file to a secure server acting as a
certificate authority that has the CA private key and certificate.
6. On the secure server, sign the CSR using the CA’s certificate and private key to generate the
LKS’s certificate file (lks_cert.crt). Note that the following example should be typed all on
one line and that some of the filenames are user-defined.
Example:
openssl x509 req days <365> in <lks_cert.csr> CA <ca_cert.crt>
CAkey <ca_key.priv.pem> set_serial <0001> out <lks_cert.crt>
NOTE 1:
The 365-day value was selected arbitrarily. Longer or shorter periods can be
used.
NOTE 2:
The serial number 0001 was chosen arbitrarily. However, if the same serial
number is used again, it can create issues with clients that have cached the
server certificate information. As a precaution, it is recommended that the serial
number be rolled every time a new server certificate is generated.
7. Transfer the CA certificate (but not the keys) and the LKS certificate from the dedicated
security server back to the LKS machine.
8. On the LKS machine, copy the CA certificate, the LKS certificate, and the LKS keys to the
appropriate location on the LKS. Typically, this is the same directory as where the LKS scripts
were installed (for example, /opt/onramp/lks).