Appendix
Self-Signed Private Certificates
If you wish to create your own self-signed encryption key and certificate, a free utility – openssl.exe – is available for download over the web at www.openssl.org. To create your private key and certificate do the following:
1.Go to the directory where you downloaded and extracted openssl.exe to.
2.Run openssl.exe with the following parameters:
openssl req -new -newkey rsa:1024 -days 3653 -nodes -x509 -keyout CA.key -out CA.cer -config openssl.cnf
Note: 1. The command should be entered all on one line (i.e., do not press [Enter] until all the parameters have been keyed in).
2.If there are spaces in the input, surround the entry in quotes (e.g., “ATEN International”).
To avoid having to input information during key generation the following additional parameters can be used:
/C /ST /L /O /OU /CN /emailAddress.
Examples
openssl req -new -newkey rsa:1024 -days 3653 -nodes -x509 -keyout CA.key -out CA.cer -config openssl.cnf -subj /C=yourcountry/ST=yourstateorprovince/L=yourlocationor city/O=yourorganiztion/OU=yourorganizationalunit/ CN=yourcommonname/emailAddress=name@yourcompany.com
openssl req -new -newkey rsa:1024 -days 3653 -nodes -x509 -keyout CA.key -out CA.cer -config openssl.cnf -subj /C=CA/ST=BC/L=Richmond/O="ATEN International"/OU=ATEN /CN=ATEN/emailAddress=eservice@aten.com.tw
Importing the Files
After the openssl.exe program completes, two files – CA.key (the private key) and CA.cer (the self-signed SSL certificate) – are created in the directory that you ran the program from. These are the files that you upload in the Private Certificate panel of the Security page (see Security, page 134, and Private Certificate, page 137).