Cisco Acano X-series
Cisco Meeting Server Release 2.0 : Certificate Guidelines for Single Combined Deployments
32
Appendix A OpenSSL Commands for Generating
Certificates
Certificates
Instead of the MMP pki command described in
, OpenSSL can be used to generate
private keys, certificate signing requests and certificates. This appendix details the OpenSSL
commands to use. The examples assume OpenSSL is running on Windows, although OpenSSL
can be used on other platforms.
commands to use. The examples assume OpenSSL is running on Windows, although OpenSSL
can be used on other platforms.
Note: Run OpenSSL in Administrator mode.
A.1 Generating RSA private keys and CSR files
Use the OpenSSL toolkit on your computer.
To generate a new RSA private key and CSR file, use the command:
openssl req -out <certname>.csr -new -newkey rsa:2048 -nodes -keyout
<keyname>.key
<keyname>.key
For example:
openssl req -out webbridge.csr -new -newkey rsa:2048 -nodes -keyout
webbridge.key
webbridge.key
generates a CSR file named webbridge.csr and an RSA 2048 bit private key named
webbridge.key,
webbridge.key,
Note: The keyname and certname must NOT include a “.”, for example webbridge is valid, but
web.bridge is not allowed.
web.bridge is not allowed.
To generate a certificate signing request (CSR) for an existing private key, use the command:
openssl req -out <certname>.csr -key <keyname>.key –new
For example:
openssl req -out xmppserver.csr -key xmppserver.key –new
generates a CSR file named xmppserver.csr based on an existing private key named
xmppserver.key,
xmppserver.key,
If you intend to self-sign the certificate using OpenSSL, then no intermediate CSR file is
required, go to the next section.
required, go to the next section.
Appendix A OpenSSL Commands for Generating Certificates