Generating an appliance certificate
Each appliance should have a valid X.509 version 3 identity certificate in PEM format with an unencrypted key. This certificate can be generated using a variety of tools. Below is a simple procedure using OpenSSL to generate a private key and CA that can be used for your appliance.
This section assumes that you are familiar with OpenSSL and have a working OpenSSL installation.
The following OpenSSL statement creates a 2048-bit RSA private key with a password of 1234:
openssl genrsa -passout pass:1234 -des3 -out CA_key_password.pem 2048
You must supply a password, as OpenSSL does not allow the creation of a private key without one. You can then strip the password from the key as follows:
openssl rsa -in CA_key_password.pem -passin pass:1234 -out CA_key.pem
This also renames the private key file from CA_key_password.pem to CA_key.pem. Finally, use the following statement to create the CA:
openssl req -x509 -days 11000 -new -sha1 -key CA_key.pem -out CA_cert.pem
Note that this command prompts you to input information about different parameters, such as country, state, locality, or your organization’s name.
Once you have created the private key (CA_key.pem) and public certificate (CA_cert.pem), import the certificate to all relevant browsers, and upload the certificate to each appliance using the Certificates tab.
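The procedure above as a single non-interactive script, followed by checks for the properties this section requires (PEM format, X.509 version 3, an unencrypted key that matches the certificate). This is an added example, not part of the original documentation; the function names make_ca and check_ca, the -subj sample values, and the use of -sha256 in place of -sha1 are assumptions of the example.

```shell
#!/bin/sh
# Added example (not vendor code): the three OpenSSL steps above, run without
# prompts, followed by checks of the result.
set -eu

# make_ca DIR SUBJECT: create CA_key_password.pem, CA_key.pem and CA_cert.pem in DIR.
# Assumptions: -subj answers the interactive prompts; -sha256 replaces the page's -sha1.
make_ca() {
    (
        umask 077    # the stripped key is unencrypted: keep it owner-only
        cd "$1" &&
        openssl genrsa -passout pass:1234 -des3 -out CA_key_password.pem 2048 &&
        openssl rsa -in CA_key_password.pem -passin pass:1234 -out CA_key.pem &&
        openssl req -x509 -days 11000 -new -sha256 -key CA_key.pem \
            -subj "$2" -out CA_cert.pem
    )
}

# check_ca KEY CERT: return 0 only if the pair meets the requirements above.
check_ca() {
    key=$1 cert=$2
    grep -q 'BEGIN CERTIFICATE' "$cert" ||
        { echo "certificate is not PEM" >&2; return 1; }
    # Both the traditional and PKCS#8 encrypted PEM forms contain "ENCRYPTED".
    if grep -q 'ENCRYPTED' "$key"; then
        echo "key is still password-protected" >&2; return 1
    fi
    openssl x509 -in "$cert" -noout -text | grep -q 'Version: 3' ||
        { echo "certificate is not X.509 version 3" >&2; return 1; }
    # The certificate must carry the public half of this private key.
    key_mod=$(openssl rsa -in "$key" -passin pass: -noout -modulus) || return 1
    cert_mod=$(openssl x509 -in "$cert" -noout -modulus) || return 1
    [ "$key_mod" = "$cert_mod" ] ||
        { echo "key does not match certificate" >&2; return 1; }
}

# Demo in a scratch directory; the subject below is a constructed sample value.
work=$(mktemp -d)
make_ca "$work" "/C=US/O=Example Org/CN=Example Appliance CA"
check_ca "$work/CA_key.pem" "$work/CA_cert.pem" && echo "checks passed: $work"
```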