Fibre Ordering

Generate a Self-Signed Certificate

The steps below describe how to install OpenSSL and generate a self-signed certificate.


    Install OpenSSL

    Use the following steps to install OpenSSL on your local machine.

    Step  Action
    1     Download openssl-0.9.8h-1-setup from http://downloads.sourceforge.net/gnuwin32/openssl-0.9.8h-1-setup.exe.
    2     Navigate to your download folder and double-click openssl-0.9.8h-1-setup.exe.
          Result: the Welcome to the OpenSSL Setup Wizard is displayed.
    3     Click Next.
          Result: the Licence Agreement screen is displayed.
    4     Click Next.
          Result: the Select Destination Location screen is displayed.
    5     The default install folder is: C:\Program Files (x86)\GnuWin32
          Click Next.
          Result: the Select Components screen is displayed.
    6     Select Compact installation.
          Click Next.
          Result: the Select Start Menu Folder screen is displayed.
    7     Click Next.
          Result: the Select Additional Tasks screen is displayed.
    8     Click Next.
          Result: the Ready to Install screen is displayed.
    9     Click Install.
          Result: OpenSSL is installed.


    Add OpenSSL Environment Variables

    Step  Action
    1     Follow the menu Start > Control Panel > System.
          Click Advanced system settings.
          Result: the System Properties screen is displayed.
    2     Click the Advanced tab.
    3     Click Environment Variables.
          Result: the Environment Variables screen is displayed.
    4     Under System variables:
          Select the Path variable.
          Click Edit.
          Add the path to the OpenSSL bin directory, e.g.:

          Field            What to enter
          Variable value:  C:\Program Files (x86)\GnuWin32\bin

          Click OK.
    5     Under System variables:
          Select New.
          Add a variable for the openssl.cnf file, e.g.:

          Field            What to enter
          Variable name:   OPENSSL_CONF
          Variable value:  C:\Program Files (x86)\GnuWin32\share\openssl.cnf

          Click OK.
          Click OK to close the System Properties screen.


    Generate the Certificate

    Use the following steps to generate your certificate and private key.

    Step  Action
    1     Open a command prompt.
          Change directory to where you would like to save the certificate.
    2     Note: the following command uses "key.pem" as the Private Key name, "certificate.pem" as the Certificate name and creates a certificate that is valid for one year. You may choose your own values.

          Run the command:
              openssl req -x509 -sha256 -days 365 -newkey rsa:2048 -keyout key.pem -out certificate.pem

          Result: the following message is displayed.

              Loading 'screen' into random state - done
              Generating a 2048 bit RSA private key
              .........+++
              ...................................................+++
              writing new private key to 'key.pem'
              Enter PEM pass phrase:

    3     Question                            What to enter
          Enter PEM pass phrase:              Enter a password to be associated with your Private Key.
                                              Note: it's recommended that you use different passwords for test and Production.
          Verifying - Enter PEM pass phrase:  Retype the password.

          Result: the following message is displayed.

              -----
              You are about to be asked to enter information that will be incorporated
              into your certificate request.
              What you are about to enter is what is called a Distinguished Name or a DN.
              There are quite a few fields but you can leave some blank
              For some fields there will be a default value,
              If you enter '.', the field will be left blank.

    4     Question                                                     Cardinality  Example value
          Country Name (2 letter code) [AU]:                           Optional     NZ
          State or Province Name (full name) [Some-State]:             Optional     WLG
          Locality Name (eg, city) []:                                 Optional     Wellington
          Organization Name (eg, company) [Internet Widgits Pty Ltd]:  Optional     Test RSP Ltd
          Organizational Unit Name (eg, section) []:                   Mandatory    Support
          Common Name (eg, YOUR name) []:                              Mandatory    Test RSP
          Email Address []:                                            Optional     Tester@TestRSP.co.nz

          Result: the certificate and private key are created in the current directory.


    Verify the Certificate

    Use the following steps to verify that your certificate has been created successfully.

    Action

    Open a command prompt.

    Change to the directory where you generated the certificate.

    Note: the following command uses "certificate.pem" as the Certificate name.

    Run the command
    openssl x509 -in certificate.pem -text -noout

    Result: the certificate details are displayed. The following output was generated by a certificate created using the example values listed in step 4 above. The extensions are created as a default by OpenSSL 0.9.8h and are not mandatory. 

    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                ca:73:2f:16:17:58:8e:bd
            Signature Algorithm: sha256WithRSAEncryption
            Issuer: C=NZ, ST=WLG, L=Wellington, O=Test RSP Ltd, OU=Support, CN=Test RSP/emailAddress=Tester@TestRSP.co.nz
            Validity
                Not Before: Sep 16 01:55:06 2015 GMT
                Not After : Sep 15 01:55:06 2016 GMT
            Subject: C=NZ, ST=WLG, L=Wellington, O=Test RSP Ltd, OU=Support, CN=Test RSP/emailAddress=Tester@TestRSP.co.nz
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                RSA Public Key: (2048 bit)
                    Modulus (2048 bit):
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Subject Key Identifier:
                    54:48:2D:69:DA:7A:EC:13:3E:F4:0E:B4:BD:77:2A:BF:28:45:31:99
                X509v3 Authority Key Identifier:
                    keyid:54:48:2D:69:DA:7A:EC:13:3E:F4:0E:B4:BD:77:2A:BF:28:45:31:99
                    DirName:/C=NZ/ST=WLG/L=Wellington/O=Test RSP Ltd/OU=Support/CN=Test RSP/emailAddress=Tester@TestRSP.co.nz
                    serial:CA:73:2F:16:17:58:8E:BD

                X509v3 Basic Constraints:
                    CA:TRUE
        Signature Algorithm: sha256WithRSAEncryption


    Where to Next?

    Send the certificate to your Implementation Manager for uploading into the Chorus B2B.
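
Before sending, the checks below confirm that certificate.pem belongs to key.pem and that the file being sent carries no private key material. This is an added example, not part of the original guide; it assumes the file names used above, that it is run in PowerShell from the directory holding both files, and that openssl is on the Path as configured earlier.

```powershell
# Added example: pre-send checks for the files created in "Generate the Certificate".
$cert = 'certificate.pem'   # certificate name used in this guide
$key  = 'key.pem'           # private key name used in this guide

# 1. The certificate and the private key must share the same RSA modulus.
#    "openssl rsa" prompts for the PEM pass phrase chosen in step 3.
$certMod = & openssl x509 -noout -modulus -in $cert
if ($LASTEXITCODE -ne 0) { throw "Could not read $cert" }
$keyMod = & openssl rsa -noout -modulus -in $key
if ($LASTEXITCODE -ne 0) { throw "Could not read $key (wrong pass phrase?)" }
if ("$certMod" -ne "$keyMod") { throw "$cert was not generated from $key" }

# 2. The file to send must hold exactly one certificate and no key material.
#    Collect the label of every PEM "-----BEGIN <label>-----" line in the file.
$labels = @(Select-String -Path $cert -Pattern '^-----BEGIN (.+)-----\s*$' |
    ForEach-Object { $_.Matches[0].Groups[1].Value })
if (@($labels | Where-Object { $_ -like '*PRIVATE KEY*' }).Count -gt 0) {
    throw "$cert contains a private key block; do not send this file"
}
if (@($labels | Where-Object { $_ -eq 'CERTIFICATE' }).Count -ne 1) {
    throw "$cert should contain exactly one CERTIFICATE block"
}

# 3. Print the SHA-256 fingerprint so the copy that is later uploaded
#    can be compared with the one generated here.
& openssl x509 -noout -fingerprint -sha256 -in $cert

Write-Output "OK: send only $cert. Keep $key and its pass phrase on this machine."
```

Only certificate.pem leaves your machine; key.pem and its pass phrase are never part of what is sent for upload.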