Cisco Cisco Identity Services Engine 1.3 전단
© 2015 思科系统公司
第
15 页
安全访问操作指南
为
SMC 创建自签名证书
此处我们为
SMC(pxGrid 客户端)创建自签名证书。您需要在 SMC 上获取根访问权限。
注:这些步骤记录在
SMC -> Help-Self-Signed Certificates 上
步骤
1. 为 SMC 生成私钥,系统还将提示您输入要在后续步骤中使用的口令。
openssl genrsa –des3 –out smc1.key 2048
您将看到以下内容:
smc:~# openssl genrsa -des3 -out smc1.key 2048
Generating RSA private key, 2048 bit long modulus
.............................................................................................................
...............................................+++
.+++
e is 65537 (0x10001)
Enter pass phrase for smc1.key:
Verifying - Enter pass phrase for smc1.key:
smc:~#
步骤
2. 生成自签名证书请求 (CSR) 。
openssl req -new -key smc1.key -out smc1.csr
Note: All the field are required except for the challenge password [] and company name []
您将看到以下内容:
smc:~# openssl req -new -key smc1.key -out smc1.csr
Enter pass phrase for smc1.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Maryland
Locality Name (eg, city) []:Germantown
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Lancope
Organizational Unit Name (eg, section) []:Engineering
Common Name (e.g. server FQDN or YOUR name) []:smc.lab6.com
Email Address []:jdoe@lancope.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
smc:~#