User manual
Virtual Private Networking 
.. or under Linux: 
touch rootCA/index.txt 
Create the CA certificate. Omit the -nodes option if you want to use a password to 
secure the CA key: 
openssl req -config openssl.cnf -new -x509 -keyout rootCA/ca.key -out rootCA/ca.pem -days DAYS_VALID -nodes 
.. where DAYS_VALID is the number of days the root CA is valid for. 
Create local certificate pairs 
For each local certificate you wish to create, there are two steps. 
First, create the certificate request: 
openssl req -config openssl.cnf -new -keyout cert1.key -out cert1.req 
Enter a PEM pass phrase (this is the same pass phrase required when you upload the 
key to the SG unit) and then the certificate details. All but the Common Name are 
optional and may be omitted. 
Second, sign the certificate request with the CA: 
openssl ca -config openssl.cnf -out cert1.pem -notext -infiles cert1.req 
You now have a local certificate pair, consisting of the local public certificate cert1.pem 
and the local private key certificate cert1.key, ready to use in the SG unit. 
For each certificate required, change the cert1.* filenames appropriately. 
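A check worth running on each pair before uploading it to the SG unit, as an added example that is not part of the manual: it confirms that the certificate verifies against the CA, that the key file is pass-phrase protected, and that the key belongs to the certificate. The function names and the KEY_PASS environment variable are assumptions; make_demo builds constructed test data and signs with openssl x509 -req rather than the openssl ca setup above, so it needs no openssl.cnf.

```shell
#!/bin/sh
# Added example: sanity-check a certificate pair before uploading it.
# The pass phrase is read from the KEY_PASS environment variable (assumed name).

# check_pair CA_PEM CERT_PEM KEY_FILE
# Returns 0 if all checks pass, 1 if the certificate does not verify against
# the CA, 3 if the private key is not pass-phrase protected, and 2 if the key
# does not belong to the certificate (or KEY_PASS cannot decrypt it).
check_pair() {
    ca=$1 cert=$2 key=$3

    # 1. The certificate must chain to the CA that signed it.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 1

    # 2. The key file must be encrypted: both PEM encodings OpenSSL writes
    #    for a protected key carry the word ENCRYPTED in their header.
    grep -q 'ENCRYPTED' "$key" || return 3

    # 3. The public key inside the certificate must equal the public half
    #    of the private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -passin env:KEY_PASS -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ] || return 2
    return 0
}

# make_demo DIR: build a throwaway CA and one signed pair in DIR.
# Constructed test data only; the CA key is left unencrypted here because
# the directory is discarded after the check.
make_demo() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" \
        -out "$d/ca.pem" -subj "/CN=Demo CA" -days 1 >/dev/null 2>&1 &&
    openssl req -new -newkey rsa:2048 -keyout "$d/cert1.key" \
        -out "$d/cert1.req" -subj "/CN=demo-endpoint" \
        -passout env:KEY_PASS >/dev/null 2>&1 &&
    openssl x509 -req -in "$d/cert1.req" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/cert1.pem" -days 1 >/dev/null 2>&1
}
```

For a real pair, export KEY_PASS with the PEM pass phrase and run check_pair rootCA/ca.pem cert1.pem cert1.key; a non-zero return code identifies which check failed.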
Using certificates with Windows IPSec 
To create certificates to use with IPSec on a Windows system, first follow the previous 
instructions in Creating a CA certificate and Creating local certificate pairs. 










