Belkin F1DP116SEA Server User Manual


 
585858
Appendix E: Creating CA Files
The Console Server supports secure web-page configuration (aka https). There are two
types of certificate files for server-side authentication.
• Self-signed:Userscancreatethecerticatelesbythemselves.Thedownsideis
that the client will be prompted to accept a certificate signed by an authority not
known to the browser. Usually the client browser will have to accept the certificate
only once and it will not be prompted further.
• SignedbyaCerticationAuthority:UserscreateCAlesandsendouttoaCAfor
signing. The main advantage is that the client will not be prompted to accept a
certificate.
Users need to install openSSL toolkit before creating the CA files mentioned above. We
explain here how to generate the certificate for the Console Server’s web server using
openSSL and the Linux shell. For openSSL toolkit, you can download it from: http://www.
openssl.org/.
1. Self-signed CA:
i) Create a key and X.509 certificate:
under Linux command prompt:
openssl req -x509 -newkey rsa:1024 -days 1024 -keyout cakey.pem -out cacert.
pem
The options that can be changed here are:
* the PK algorithm can be changed from rsa to dsa and also the length of the
key in bits (512, 1024, 2048, 4096).
* time period for the certificate validity; we set it to 1024 days, which is less
than 3 years.
You can also set start/end date for the validity of the certificate. You will be
prompted for the PEM passphrase twice for the key and then you have to enter
some information necessary for the certificate:
Here is an example prompt:
Country Name <US>
State or Province Name <YourState>
City or Locality <Anchorage>
Organization Name <Your business name>
Prolix Organizational Unit <R & D>
Common Name (SERVER HOST NAME) <IPCS>
Server Admin’s Email Address <you@yourdomain.dom>