SnapGear 2.0.1 User Manual

Virtual Private Networking

4. Create the self-signed root CA certificate:

openssl req -config openssl.cnf -new -x509 -keyout rootCA/ca.key -out rootCA/ca.pem -days DAYS_VALID -nodes

where DAYS_VALID is the number of days for which the root CA is valid.

With -nodes, the CA key is written to disk unencrypted. Remove the -nodes option if you want to use a password to secure the CA key.

For each certificate you wish to create, there are two steps:

1. Create the certificate request:

openssl req -config openssl.cnf -new -keyout cert1.key -out cert1.req

Enter a PEM pass phrase (this is the same pass phrase required when you
upload the key to the CyberGuard SG appliance) and then the certificate details.
All but the Common Name are optional and may be omitted.

2. Sign the certificate request with the CA:

openssl ca -config openssl.cnf -out cert1.pem -notext -infiles cert1.req

Then you will have a certificate/key pair, cert1.pem and cert1.key, ready to use in the
CyberGuard SG appliance.

For each certificate required, change the cert1.* filenames appropriately.
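
The procedure above can be rehearsed end to end before any key is uploaded. The following script is an added example, not part of the original manual: it runs the three commands non-interactively in a scratch directory, then checks that cert1.pem chains to the root CA, that cert1.key matches it, and that cert1.key is pass-phrase protected while the -nodes CA key is not. The openssl.cnf contents, certificate subjects and pass phrase are constructed for the example (assumptions); the -subj, -passout and -batch options are added only to avoid prompts.

```shell
# Added example: config, subjects and pass phrase below are constructed.
PASS='example-pass-phrase'   # stands in for the PEM pass phrase you would type

write_config() {   # minimal stand-in for the openssl.cnf used by the manual
cat > openssl.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = ./rootCA
database = $dir/index.txt
serial = $dir/serial
new_certs_dir = $dir
certificate = $dir/ca.pem
private_key = $dir/ca.key
default_md = sha256
default_days = 30
policy = policy_cn
[ policy_cn ]
commonName = supplied
EOF
}
make_pair() {      # the manual's three openssl commands, made non-interactive
    mkdir rootCA && : > rootCA/index.txt && echo 01 > rootCA/serial &&
    openssl req -config openssl.cnf -new -x509 -keyout rootCA/ca.key \
        -out rootCA/ca.pem -days 30 -nodes -subj '/CN=Example Root CA' &&
    openssl req -config openssl.cnf -new -keyout cert1.key -out cert1.req \
        -passout "pass:$PASS" -subj '/CN=cert1.example' &&
    openssl ca -config openssl.cnf -batch -out cert1.pem -notext -infiles cert1.req
}
check_pair() {     # chains to root, key matches cert, only cert1.key is encrypted
    openssl verify -CAfile rootCA/ca.pem cert1.pem >/dev/null &&
    [ "$(openssl x509 -in cert1.pem -noout -pubkey)" = \
      "$(openssl pkey -in cert1.key -passin "pass:$PASS" -pubout)" ] &&
    grep -q ENCRYPTED cert1.key && ! grep -q ENCRYPTED rootCA/ca.key
}
rehearse() {       # returns 0 only if every step and every check succeeds
    work=$(mktemp -d) || return 1
    if (cd "$work" && write_config && make_pair 2>/dev/null && check_pair); then rc=0; else rc=1; fi
    rm -rf "$work"
    return "$rc"
}
rehearse && echo "cert1.pem / cert1.key verified against rootCA/ca.pem"
```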
