_____________________________________________________________________
B096-016 B096-048 and B092-016 User Manual Page 190
http://www.openssl.org/docs/apps/openssl.html
http://www.openssl.org/docs/HOWTO/certificates.txt
15.8 HTTPS
The Management Console can be served using HTTPS by running the webserver via sslwrap.
The server can be launched on request using inetd.
The HTTP server provided is a slightly modified version of the fnord-httpd from
http://www.fefe.de/fnord/
The SSL implementation is provided by the sslwrap application compiled with OpenSSL support.
More detailed documentation can be found at http://www.rickk.com/sslwrap/
If your default network address is changed or the unit is to be accessed via a known Domain
Name, you can use the following steps to replace the default SSL Certificate and Private Key
with ones tailored for your new address.
1. Generating an encryption key
To create a 1024 bit RSA key with a password, issue the following command on the command
line of a Linux host with the openssl utility installed:
openssl genrsa -des3 -out ssl_key.pem 1024
2. Generating a self-signed certificate with OpenSSL
This example shows how to use OpenSSL to create a self-signed certificate. OpenSSL is available
for most Linux distributions via the default package management mechanism. (Windows users
can check http://www.openssl.org/related/binaries.html )
To create a 1024 bit RSA key and a self-signed certificate, send the following openssl command
from the host you have openssl installed on:
openssl req -x509 -nodes -days 1000 \
-newkey rsa:1024 -keyout ssl_key.pem -out ssl_cert.pem