Appendix
240
Self-Signed Private Certificates
If you wish to create your own self-signed encryption key and certificate, a free
utility – openssl.exe – is available for download over the web at
www.openssl.org
. To create your private key and certificate do the following:
1. Go to the directory where you downloaded and extracted
openssl.exe
to.
2. Run openssl.exe with the following parameters:
openssl req -new -newkey rsa:1024 -days 3653 -nodes -x509
-keyout CA.key -out CA.cer -config openssl.cnf
Note:
1. The command should be entered all on one line (i.e., do not press
[Enter] until all the parameters have been keyed in).
2. If there are spaces in the input, surround the entry in quotes (e.g.,
“ATEN International”).
To avoid having to input information during key generation the following
additional parameters can be used:
/C /ST /L /O /OU /CN /emailAddress
.
Examples
openssl req -new -newkey rsa:1024 -days 3653 -nodes -x509
-keyout CA.key -out CA.cer -config openssl.cnf -subj
/C=yourcountry/ST=yourstateorprovince/L=yourlocationor
city/O=yourorganiztion/OU=yourorganizationalunit/
CN=yourcommonname/emailAddress=name@yourcompany.com
openssl req -new -newkey rsa:1024 -days 3653 -nodes -x509
-keyout CA.key -out CA.cer -config openssl.cnf -subj
/C=CA/ST=BC/L=Richmond/O="ATEN International"/OU=ATEN
/CN=ATEN/emailAddress=eservice@aten.com.tw
Importing the Files
After the openssl.exe program completes, two files – CA.key (the private key)
and CA.cer (the self-signed SSL certificate) – are created in the directory that
you ran the program from. These are the files that you upload in the
Private
Certificate
panel of the Security page (see page 180).