Page tree

Contents

To create a self-signed certificate, complete the following steps:

Step 1: Create CA certs. By default, the certificate will remain valid for a period of one month.

openssl req -nodes -new -newkey rsa:2048 -x509 -keyout CA.key -out CA.cert -subj "/C=IN/ST=KA/L=Bglr/O=Infoblox/OU=Cloud/CN=*"

Or, the number of days the certificate will remain valid can be modified by adding a  flag possessing a specified time period to the OpenSSL command. In the example below, we have added the -days 365 flag  to change the period of time the certificate will remain valid from the default value to a period of one year. 

openssl req -nodes -new -days 365 -newkey rsa:2048 -x509 -keyout CA.key -out CA.cert -subj "/C=IN/ST=KA/L=Bglr/O=Infoblox/OU=Cloud/CN=*"

Step 2: Create Key and CSR.

openssl req -batch -new -newkey rsa:2048 -nodes -keyout server.key -out rpz.csr -subj "/C=IN/ST=KA/L=Bglr/O=Infoblox/OU=SAAS/CN=*"

Step 3: Create Server cert by signing using CA certs. The certificate is good for 1 month by default. 

openssl x509 -in rpz.csr -out server.cert -CAkey CA.key -CA CA.cert -req -CAcreateserial 

Or, the the number of days the certificate will remain valid can be modified by adding a defined time period to the OpenSSL command. In the example below we're  adding the flag -days 365 to the command which will change the time period from its default value to a time period of one year. 

openssl x509 -in rpz.csr -out server.cert -CAkey CA.key -CA CA.cert -req -CAcreateserial -days 365  

Step 4: Combine cert and key to single pem file to upload in UI.

cat server.cert server.key > server.pem

Step 5: Use CA.cert in the NIOS appliance to configure Secure TCP.


  • No labels

This page has no comments.