WLSE Express AAA Server Certificate Configuration Guide
OL-8880-01
Chapter 2 Generating Certificates
Generating Certificates with OpenSSL
Required Certificate Extensions
PEAP and EAP-TLS require server certificates to include an extendedKeyUsage extension of TLS Server
Authentication and client certificates to include an extendedKeyUsage extension of TLS Client
Authentication. These extensions can be placed in a configuration file referenced on the openssl
command line.
The following is an example of the required certs-exts.cnf extensions file:
[ server_exts ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
[ client_exts ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.2
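The following check is an added example, not part of the original guide: it confirms that a PEM certificate actually carries the extendedKeyUsage required above, and builds throwaway certificates from the same extension sections to exercise the check. The function names, the no_exts section, the test CN and the 2048-bit test key are assumptions made for this example.

```shell
# Added example: verify the extendedKeyUsage that PEAP / EAP-TLS require.

# has_eku CERT.pem server|client -> exit 0 only if the matching EKU is present.
has_eku() {
    case "$2" in
        server) want='TLS Web Server Authentication' ;;  # 1.3.6.1.5.5.7.3.1
        client) want='TLS Web Client Authentication' ;;  # 1.3.6.1.5.5.7.3.2
        *) echo "usage: has_eku CERT.pem server|client" >&2; return 2 ;;
    esac
    # Keep only the EKU header and the line listing the usages, then match.
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Extended Key Usage' |
        grep -q "$want"
}

# make_test_cert DIR SECTION -> writes DIR/SECTION.pem, a constructed
# self-signed certificate carrying the extensions of one config section.
# server_exts and client_exts are copied from the extensions file above;
# no_exts is a hypothetical section without any extendedKeyUsage.
make_test_cert() {
    dir=$1 section=$2
    cat > "$dir/test.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = constructed-test-cert
[ server_exts ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
[ client_exts ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.2
[ no_exts ]
basicConstraints = CA:FALSE
EOF
    # Unencrypted throwaway key, valid for one day; for testing only.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$dir/test.cnf" -extensions "$section" \
        -keyout "$dir/$section-key.pem" -out "$dir/$section.pem" 2>/dev/null
}
```

A non-zero exit status from has_eku means the certificate lacks the extension for that role, which is the first thing to rule out when a PEAP or EAP-TLS handshake rejects a certificate.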
Creating Test Certificates and Keys
Use the openssl command line tool to create certificates and keys for testing PEAP. The following
sections provide examples of how to create a simple certificate hierarchy that consists of a single CA
certificate, a single server certificate, and a single client certificate. Additional certificates and keys can
be produced as needed for testing purposes.
Note: Long commands are shown on multiple lines, and some of the commands will prompt you for additional
input.
Creating a CA Directory
To create a CA directory, enter the following commands as a root user:
mkdir ca
cd ca
mkdir certs private reqs
echo '01' > serial
touch index.txt
chmod 0700 private
cd ..
Creating a Self-signed CA Root Certificate and RSA Key
Use the following command sequence to create a self-signed CA root certificate and RSA key.
openssl req -x509 -newkey rsa:1024 -keyout ./ca/private/root-key.pem -keyform PEM
-out ./ca/certs/root-cert.pem -outform PEM -config ./openssl.cnf