Generating signed certificates from the csrs – Cobalt Co9992-4ENC-4K-HEVC Software-Defined Broadcast Encoder User Manual
Page 135
135
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
US
State or Province Name (full name) [Some-State]:
Illinois
Locality Name (eg, city) []:
Champaign
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Cobalt Digital
Organizational Unit Name (eg, section) []:
Compression
Common Name (e.g. server FQDN or YOUR name) []:
Encoder-Device
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
The most important parameter is the
Common Name
. Select something unique for each device.
Also, leave the challenge password empty.
Repeat the same steps to generate a CSR for the ECDSA key if desired.
Generating Signed Certificates from the CSRs
The procedure here is the same regardless of where the CSRs come from. You can use CSRs
from your keys generated in the previous step, or you can get CSRs from the Cobalt device as
described in the section “Obtaining a CSR for the Built-In Keys”.
In the example below, we take the CSR in
RSA_CERT.CSR
and sign it with the CA Key in
CA_KEY.PEM
and the CA Certificate in
CA_CERT.PEM
, generating a certificate that is good
for 3650 days (10 years), and write to
RSA_CERT.PEM
:
openssl x509 -req -in RSA_CERT.CSR -CA CA_CERT.PEM -CAkey CA_KEY.PEM -CAcreateserial -
out RSA_CERT.PEM -days 3650 -sha256
Signature ok
subject=C = US, ST = Illinois, L = Champaign, O = Cobalt Digital, OU = Compression, CN
= Encoder-Device
Getting CA Private Key
Enter pass phrase for CA_KEY.PEM:
(password is entered here)
At this point, the file
RSA_CERT.CSR
is no longer necessary and can be deleted. Repeat the
same step for the ECDSA CSR if desired.
You can now upload the keys and certificates to the Cobalt devices using the procedure
described in section “Uploading Keys and Certificates”.