3.Save the CSR from the KVM. (Save the csr.cer into the OpenSSL installation folder \OpenSSL\bin)

4.Move the directory "demoCA" into "bin" within the OpenSSL installation directory and add directory "newcerts" in"demoCA"

5.Under the command prompt window, change the directory to \OpenSSL\bin and execute the following commands in the command prompt:

a.openssl req -new -newkey rsa:1024 -days 3365 -nodes -x509 -keyout ca.key -out ca.cer

b.openssl.exe ca -policy policy_anything -config openssl.cfg -cert ca.cer -in csr.cer -keyfile ca.key -days 360 -out new.cer

Note: 1. Commands should be entered all on one line. (Do not press [ENTER] until all the parameters have been entered).

2.If there are spaces in the input, surround the entry in quotes. Example: (apc by schneider- electric).

To avoid having to input information during key generation the following additional parameters can be used: /C /ST /L /O /OU /CN /emailAddress.

Parameter

Definition

Max characters Example

/C

Country:

2

US

/ST

State or Province 32

Missouri

/L

Locality

32

St. Louis

/O

Organization:

64

Your Company, Ltd.

/OU

Unit:

32

Techdoc Department

/CN

Common Name:

32

mycompany.com

 

 

 

Note: This must be the exact domain name of the site that

 

 

 

you want the certificate to be valid for. If the site's domain

 

 

 

name is www.mycompany.com, and you only specify

 

 

 

mycompany.com, the certificate will not be valid.

/emailAddress

Email Address:

64

administrator@yourcompany.com

Importing the Files. After the openssl.exe program completes, two files, CA.key (the private key) and CA.cer (the self-signed SSL certificate), are created in the directory. These are the files that you upload in the Private Certificate panel of the Security page (see “Security” on page 75, and “Private Certificate” on page 78).

If you encounter "Failed to update database, TXT_DB error number 2," you will need to edit a text file in the OpenSSL program directory before continuing. The file "index.txt.attr" in the "demoCA" directory will be generated after you run command "b" from step 4 above for the first time. Please edit it to "unique_subject = no". The error should be solved. You should be able to run command "b" over and over again with the certificate logged in "index.txt" for the same subject.

In order to upload the self signed certificate to the KVM switch, login to the KVM Switch and navigate to Device Management->Security->Private Certificate section and click "Browse" next to private key. Browse to the OpenSSL program directory and within the "bin" folder, choose "ca.key." Click "Browse" next to Certificate and find "ca.cer." Press Open and then Upload. You should receive a message saying Operation Succeeded.

KVM Switch KVM2132P, KVM2116P, KVM1116P User Manual

113

Page 124 Page 126
Page 125
Image 125
Schneider Electric KVM1116P, KVM2132P, KVM2116P user manual Parameter Definition Max characters Example
Page 124 Page 126
Top Page Image Contents