Cisco Headend Digital Broadband Delivery System Installation Guide
Appendix C
SSL Configuration for the LoadPIMS Web Service
4036043 Rev B
Good to Know
Creating a Self-Signed Server Key Certificate
Complete the following steps to generate a self-signed certificate. Alternatively, an
existing SSL key and certificate can be used.
Note: Execute all commands as root user in an xterm window on the DNCS.
1 Follow these instructions to add the path for the openssl command.
a Type
PATH=$PATH:/usr/sfw/bin
and then press Enter.
b Type
export PATH
and then press Enter.
2 Type
cd /etc/apache2
and then press Enter.
3 Type the following command and then press Enter to create the server key and
certificate.
openssl genrsa -out /etc/opt/certs/server.key 1024
Note: Additionally, the key encryption format and number of bits in the key can
be specified. The following are possible key encryption types:
des — encrypt the generated key with DES in cbc mode
des3 — encrypt the generated key with DES in ede cbc mode (168 bit key)
aes128, aes192, aes256 — encrypt PEM output with cbc aes
Typical values for the number of bits in the key are 1024, 2048, and 4096.
4 Type the following command and then press Enter to generate a Certificate
Signing Request:
openssl req -new -key /etc/opt/certs/server.key -out /etc/opt/certs/server.csr
5 If you want to sign the certificate yourself (this will generate a certificate that
will not expire), type the following command and then press Enter.
openssl x509 -req -in /etc/opt/certs/server.csr -signkey /etc/opt/certs/server.key -out /etc/opt/certs/server.crt
6 Type the following command and press Enter to copy the server.crt file to
cacert.crt:
cp /etc/opt/certs/server.crt /etc/opt/certs/cacert.crt
7 Is client authentication required?
If yes, follow the steps outlined in Enable Client Certificate Authentication
(on page 116).
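The following checks are an added example, not part of the Cisco guide: they repeat steps 3 to 5 in a temporary directory, then confirm the key size, that the certificate belongs to the key, and the end date actually written into the certificate. The 2048-bit minimum, the 7-day threshold, the function names and the subject dncs.example.test are assumptions of this example.

```shell
#!/bin/sh
MIN_BITS=2048   # assumption: smallest RSA modulus this check accepts
MIN_DAYS=7      # assumption: certificate must stay valid at least this long

# Print the RSA modulus size in bits (hex digits of the modulus x 4).
key_bits() {
    mod=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
    mod=${mod#Modulus=}
    echo $(( ${#mod} * 4 ))
}

# Succeed only if the certificate's public key belongs to the private key.
cert_matches_key() {
    k=$(openssl rsa  -in "$1" -noout -modulus 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# Succeed only if the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Run steps 3-5 in directory $1 with a key of $2 bits (constructed subject name).
make_demo_cert() {
    openssl genrsa -out "$1/server.key" "$2" 2>/dev/null &&
    openssl req -new -key "$1/server.key" -subj "/CN=dncs.example.test" \
        -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -signkey "$1/server.key" \
        -out "$1/server.crt" 2>/dev/null
}

# Report on one key/certificate pair; return non-zero if any check fails.
check_pair() {
    bits=$(key_bits "$1") || { echo "cannot read key $1"; return 1; }
    rc=0
    [ "$bits" -ge "$MIN_BITS" ] || { echo "key is only $bits bits"; rc=1; }
    cert_matches_key "$1" "$2" || { echo "certificate does not match key"; rc=1; }
    cert_valid_for_days "$2" "$MIN_DAYS" || { echo "expires within $MIN_DAYS days"; rc=1; }
    echo "expiry: $(openssl x509 -in "$2" -noout -enddate)"
    return $rc
}

demo() {
    dir=$(mktemp -d) || return 1
    make_demo_cert "$dir" 2048 && check_pair "$dir/server.key" "$dir/server.crt"
    rc=$?; rm -rf "$dir"; return $rc
}
demo
```

On the DNCS, call check_pair /etc/opt/certs/server.key /etc/opt/certs/server.crt after step 5 and read the reported expiry line.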