Creating a certificate authority with openssl, Generating the ca key and certificate – Cobalt Co9992-4ENC-4K-HEVC Software-Defined Broadcast Encoder User Manual

133



If the device is using the built-in credentials, the Common Name is set to

Product_MACAddress

. For example,

9992-ENC_AC:83:F0:01:03:18.



If the device is using a certificate derived from a CSR from the device itself, the
Common Name was set in the CSR, as described in the section “Obtaining a CSR for the
Built-In Keys” and illustrated in Figure 7.



If the device is using an externally-generated key/certificate pair, the Common Name is
part of that certificate.

When a connection succeeds, the Common Name of the remote end is reported in the Statistics
area,

Network

top tab,

Tunnel Stats

bottom tab, as indicated in Figure 17.

Creating a Certificate Authority with OpenSSL

This section shows how to create a private Certificate Authority with OpenSSL. Please note that
Cobalt Digital cannot provide support for OpenSSL, these instructions are provided as-is. If you
are using Linux, most distributions include OpenSSL, either by default or as an additional
package. If you are using Windows, there are a number of ports available in the Internet. One
such port can be found in

this link

. Note that OpenSSL is a command-line utility that needs to

run in a terminal (or a “cmd” shell in Windows).
In the sections below, commands to be typed are in

black

and responses are in

purple

.

Generating the CA Key and Certificate

The first step is to generate the CA key, which must be kept secret. In this example, the key will
be written to

CA_KEY.PEM

:

openssl genrsa -des3 -out CA_KEY.PEM 2048

Figure 17: CN Reporting in the Statistics GUI