How do I generate a key and a certificate?

Steps
 

Log in as the root user on the NSP, NFM-P VM, or alternative station, as required.


Open a console window.


Generate a private key. Enter the following command:

# openssl genrsa -out key.pem size_of_private_key

where

size_of_private_key is the size of the private key file. You have a choice of five sizes: 512, 758, 1024, 1536, or 2048 (these numbers represent bits). Larger sizes provide greater security, but at the expense of CPU performance. The recommended size is 1024.


Generate a certificate signing request (CSR).

  1. Enter the following:

    # openssl req -new -key key.pem -out csr.pem

    The following prompt is displayed:

    You are about to be asked to enter information that will be incorporated into your certificate request.

    What you are about to enter is what is called a Distinguished Name or a DN. 

    There are quite a few fields but you can leave some blank.

    For some fields there will be a default value, If you enter '.', the field will be left blank.

    Country Name (2 letter code) [XX]:

  2. Enter the country name. The following prompt is displayed:

    State or Province Name (full name) []:

  3. Enter the state or province name. The following prompt is displayed:

    Locality Name (eg, city) [Default City]:

  4. Enter the locality name. The following prompt is displayed:

    Organization Name (eg, company) [Default Company Ltd]:

  5. Enter the organization name. The following prompt is displayed:

    Organizational Unit Name (eg, section) []:

  6. Enter the organizational unit name. The following prompt is displayed:

    Common Name (eg, your name or your server's hostname) []:

  7. Enter the name identifier. The following prompt is displayed:

    Email Address []:

  8. Enter the E-mail. The following prompt is displayed:

    Please enter the following 'extra' attributes to be sent with your certificate request

    A challenge password []:

  9. Enter the password. The folowing prompt is displayed:

    An optional company name []:

  10. Enter the company name. The utility generates a CSR file.


Generate a certificate. Enter the following command:

openssl x509 -req -days no_of_days -in csr.pem -signkey key.pem -out cert.pem

where

no_of_days is the number of days for which the certificate is to be valid.


Delete certificate signing request.

  1. Enter the following:

    # rm csr.pem

    The following prompt is displayed:

    rm: remove regular file ‘csr.pem’?

  2. Enter the response: Y.


Close the console window.

End of steps