Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Generating an appliance certificate
Each appliance should have a valid X.509 version 3 identity certificate in PEM format with an unencrypted key. This certificate can be generated using a variety of tools. Below is a simple procedure using OpenSSL to generate a private key and CA that can be used for your appliance.
This section assumes that you are familiar with OpenSSL and have a working OpenSSL installation.
The following OpenSSL statement creates a 2048-bit RSA private key with a password of 1234:
openssl genrsa -passout pass:1234 -des3 -out CA_key_password.pem 2048
You must supply a password, as OpenSSL does not allow the creation of a private key without one. You can then strip the password from the key as follows:
openssl rsa -in CA_key_password.pem -passin pass:1234 -out CA_key.pem
This also renames the private key file from CA_key_password.pem to CA_key.pem.
Finally, use the following statement to create the CA:
openssl req -x509 -days 11000 -new -sha1 -key CA_key.pem -out CA_cert.pem
Note that this command prompts you to input information about different parameters, such as country, state, locality, or your organization's name.
Once you have created the private key (CA_key.pem) and public certificate (CA_cert.pem), import the certificate to all relevant browsers, and upload the certificate to each appliance using the Certificates tab.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Copyright 2020 Forcepoint. All rights reserved.