It will prompt for a pass phrase to protect the key
Generating RSA private key, 2048 bit long modulus .....+++ ......................................+++ e is 65537 (0x10001) Enter pass phrase forprivkey.pem: Verifying - Enter pass phrase forprivkey.pem:
Create a Self-Signed Certificate
Create a self-signed certificate with the following command
Enter the pass phrase that was entered when creating the private key and fill out the questionnaire
Enter pass phrase forprivkey.pem: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:Connecticut Locality Name (eg, city) :Fairfield Organization Name (eg, company) [Internet Widgits Pty Ltd]:IPC Organizational Unit Name (eg, section) :eTAC Common Name (e.g. server FQDN or YOUR name) :this.server.com Email Address :
Add an Alternate Subject Name
If an alternate subject name is needed it needs to be added to a file and referenced with the -extfile argument and reference the section of the file where the extensions are.
in the example a file named “deviceExtnFile” with the section “[ svc_cert_ext ] ” and the subject alternative name(SAN) added as “subjectAltName=IP:IP-Address,DNS.1:FQDN-VIP”
As of Unigy V4.2 patch 2, the only X509v3 extension Unigy will accept is the “subject alternative name” extension
Sign CSR to Create a Signed Certificate
The following will create a signed certificate based on the CSR file CSRfile.csr using the testcacert.pem as the CA certificate and it’s private key privkey.pem. extfile deviceExtnFile is optional if you want an alternate subject name as entered in the deviceExtnFile file.