Technical information

ManualsBrandsMotorola ManualsNetwork CardW24

141

142

143

144

145

146

147

148

149

150

Chapter 2: AT+i Commands Reference

May 31, 2008 AT+i Commands Reference Manual 2-99

command to prompt the user for all information regarding the certificate request. Set the

environment variable to the default file by typing the following:

• On Linux\Unix:

OPENSSL_CONF=/OpenSSL/apps/openssl.cnf

export OPENSSL_CONF

• On Windows:

set OPENSSL_CONF=C:\OpenSSL\bin\openssl.cnf

2. Generate the request with the following single line command and answer all questions at the

prompt:

openssl req -newkey rsa:1024 -keyout myprivkey.pem -keyform

PEM -out myreq.pem -outform PEM

If you do not want an encrypted private key, add -nodes to the above command. At the conclusion

of this step two new files are created. The myprivkey.pem file contains the encrypted private key.

This file must never be shared, not even with the CA. The other file is the certificate request file,

myreq.pem, which will be used by the CA to create the final signed certificate.

Using the Test CA to Issue the Certificate

The final step of the process is to use the CA self-signed certificate to sign the certificate and

return it to the originator of the request (subject).

1. Reset the OPENSSL_CONF system environment variable to reference the CA configuration

file again.

• On Linux\Unix type the following:

OPENSSL_CONF=/testCA/CAcnf.cnf

export OPENSSL_CONF

• On Windows type the following:

set OPENSSL_CONF=C:\testCA\CAcnf.cnf

Make sure that the request file is in the current directory and run the following command. The

PEM password you are prompted to enter is the password for the CA private key file:

openssl ca -in myreq.pem

You will be requested to enter the pass phrase for the CA private key that was generated above.

Enter the pass phrase to continue.

Answer 'y' at the next two prompts, then at the conclusion of this step several files are updated

and a new certificate is created.

The new certificate can be found in the certs sub-directory. It is named as the serial number it is

associated with by the CA. The file can be renamed, but the .pem extension must be preserved for

clarity. The serial file itself increments its count for the next certificate request and the index.txt

file shows a record of the creation. The new certificate file and the myprivkey.pem file are now

suitable for use by an SSL server to which W24 needs to connect. As mentioned above, the W24

+iCA parameter must contain the CA certificate cacert.pem used to sign the server's certificate.