- Create a key for the device or user with the command: genrsa -out device.key 2048 This command creates the file 'device.key' in the current directory.
-
Create a certificate request for the device or user with the command:
req -key device.key -new -subj /CN=DEVICE -out device.req
This command creates the file 'device.req' in the current directory.
Important: In addition to this command, further changes to the file "openssl.cnf" are required to define an extension.
- Create a certificate from the certificate request with the command: x509 -extfile openssl.cnf -req -in device.req -CAkey ca.key -CA ca.crt -CAcreateserial -days 90 -out device.crt This command signs the certificate request 'device.req' with the key 'ca.key' and then issues the certificate 'device.cert'. The configuration file openssl.cnf is also involved in the procedure.
- Export the certificate for the device or user with the command: pkcs12 -export -inkey device.key -in device.crt -certfile ca.crt -out device.p12 This command combines and saves the key 'device.key', the device certificate 'device.crt’ and the root certificate ‘ca.crt’ to the file 'device.p12'. This PKCS#12 file can be uploaded directly to the required device.
LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de
