
16 Security in Detail
Certificates and private keys can be stored in several file formats. Best known are PKCS12, DER and PEM. Certificate and key can be in the same file or in separate files. The key can be encrypted with a password or not. The XPort Pro currently only accepts separate PEM files. The key needs to be unencrypted.
Utilities
Several utilities exist to convert between the formats.
OpenSSL
OpenSSL is a widely used open source set of SSL related command line utilities. It can act as server or client. It can generate or sign certificate requests. It can convert from and to all kinds of formats.
Executables are available for Linux and Windows.
To generate a
openssl req
See www.openssl.org or www.madboa.com/geek/openssl for more information.
Note: Signing other certificate requests is also possible with OpenSSL but is too complicated to explain here.
Steel Belted Radius
Steel Belted Radius is a commercial radius server by Juniper Networks that provides a GUI administration interface. It also provides a certificate request and
openssl pkcs12
The sbr_certkey.pem file contains both certificate and key. If loading the SBR certificate into XPort Pro as an authority, you will need to edit it.
1.Open the file in any plain text editor.
2.Delete all info before
END
SBR accepts
openssl x509
Note: With SBR, when the identity information includes special characters such as dashes and periods, SBR changes the format it uses to store these strings and
XPort Pro™ User Guide | 139 |