Remove a passphrase from a key, Generate a self-signed certificate, Verifying a self-signed certificate – HP StoreFabric Converged Network Adapters User Manual

Page 14

Advertising
background image

Installing BACS components on Microsoft and Linux operating systems 14

7.

Select WinRM Service, and then enable Allow Basic Authentication.

Generating a self-signed certificate for Microsoft and Linux servers

Use Openssl to create a self-signed certificate. Openssl is available on both Microsoft Windows and Linux
operating systems.
To create a self-signed certificate on Microsoft Windows:

1.

Generate a private key:
openssl genrsa –des3 –out server.key 1024

2.

Enter a passphrase at the prompt. Be sure to record the passphrase.

3.

Generate a CSR:
openssl req –new –key server.key –out server.csr

4.

At the prompt for a common name, enter the Microsoft Windows Server hostname or IP address.

5.

Enter a value for all bolded parameters at the prompt for certificate information.

Remove a passphrase from a key

1.

Run cp server.key server.key.org.

2.

Run openssl rsa -in server.key.org -out server.key.

Generate a self-signed certificate

To generate a self-signed certificate that is valid for 365 days:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out

server.crt

The following example shows the output from the command:

Signature ok

subject=/C=US/ST=Texas/L=Houston/O=Hewlett-Packard/OU=Engineering/CN=MGM

TAPP- LAB3/emailAddress=

Verifying a self-signed certificate

To verify a self-signed certificate, run openssl verify server.crt.
The following example shows the output from the command:

server.crt:/C=US/ST=Texas/L=Houston/O=Hewlett-Packard/OU=Engineering/CN=

MGMTAPP- LAB3/emailAddress=

If an error message appears, such as Error 18 at 0 depth lookup:self signed certificate,

ignore the message. The error indicates the certificate is self-signed.

Converting the certificate from crt to pkcs12 format

For Microsoft Windows Server, configure the certificate in the pkcs12 format.
To convert the certificate to pkcs:

1.

Run openssl pkcs12 -export -in server.crt -inkey server.key -out hostname.pfx.

2.

Enter a user name and password at the prompt.

Advertising
This manual is related to the following products:

FlexFabric 10Gb 2-port 534M Adapter, FlexFabric 10Gb 2-port 534FLR-SFP Adapter, FlexFabric 10Gb 2-port 534FLB Adapter

Popular Brands
Popular manuals