Generating a Self-Signed Certificate
Equalizer Installation and Administration Guide
283
4. Once the CA returns your signed certificate (usually in email), go to the section “Preparing a Signed CA
Certificate for Installation” on page 283.
Generating a Self-Signed Certificate
To generate a self signed certificate in PEM format:
1. Generate a self-signed x509 format certificate by entering this command:
openssl req -new -x509 -newkey rsa:1024 -out selfcert.pem -days 1095
This creates a self-signed certificate (
selfcert.pem
) that will be valid for 1095 days (about three years) and also
generates a new private key to be output into a file named
privkey.pem
. The key length you use (1024 in this
example) can be any multiple of 8. If you already have a private key, use
-key
filename
instead of
-newkey
rsa:1024
to specify the file containing the private key. The key length you use (i.e., 1024 in this example) can
be any multiple of 8.
After generating the private key, the following prompts are displayed (example responses shown):
Enter PEM pass phrase:
<password>
Verifying - Enter PEM pass phrase:
<password>
Country Name (2 letter code) [AU]:
US
State or Province Name (full name) [Some-State]:
New York
Locality Name (eg, city) []:
Millerton
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
CPS Inc.
Organizational Unit Name (eg, section) []:
Engineering
Common Name (eg, YOUR name) []:
myclient.example.com
Email Address []:
Depending on the tool you use to create the certificate, you may also be asked for a challenge password and
other optional information. Make sure you remember the
password
(and, if prompted, the challenge password)
you specify, as you will need it to install the certificate.
The
Common Name
provided must be the DNS-resolvable fully qualified domain name (FQDN) used by the
Equalizer cluster. For a
server certificate
, when the client receives the certificate from the server, the browser
will display a warning if the
Common Name
does not match the hostname of the request URI. For a
client
certificate
, the
Common Name
in the client’s copy of the certificate is only compared to the
Common Name
in
the copy on the server, so this can be any value.
2. Combine the private key and certificate into one file, using a command like the following:
cat selfcert.pem privkey.pem > clustercert.pem
3. You can now install your self signed certificate and private key file,
clustercert.pem
, on Equalizer and your
clients, as appropriate.
Preparing a Signed CA Certificate for Installation
When you receive your signed certificate back from your CA, you’ll get one or more
.pem
files in return, or you’ll
get one or more mail messages from the CA. The files or messages contain your signed certificate and any necessary
intermediate certificates required by the CA’s chain of trust.
If you get your certificates in the mail, save each one to an ASCII text file with a
.pem
extension. Make sure you use
a text editor such as
Notepad
(Windows) or
vi
(Unix/Linux) to save the files as text files.
Note that if you are using IIS, see the section “Using IIS with Equalizer” on page 286.
If you get only
one
certificate (the signed server certificate) from your CA, then:
Summary of Contents for E350GX
Page 18: ...Chapter Preface 18 Equalizer Installation and Administration Guide ...
Page 38: ...Chapter 1 Equalizer Overview 38 Equalizer Installation and Administration Guide ...
Page 80: ...Chapter 4 Equalizer Network Configuration 80 Equalizer Installation and Administration Guide ...
Page 110: ...Chapter 5 Configuring Equalizer Operation 110 Equalizer Installation and Administration Guide ...
Page 208: ...Chapter 7 Monitoring Equalizer Operation 208 Equalizer Installation and Administration Guide ...
Page 240: ...Chapter 8 Using Match Rules 238 Equalizer Installation and Administration Guide ...
Page 262: ...Appendix A Server Agent Probes 258 Equalizer Installation and Administration Guide ...
Page 274: ...Appendix B Timeout Configuration 270 Equalizer Installation and Administration Guide ...
Page 280: ...Appendix D Regular Expression Format 276 Equalizer Installation and Administration Guide ...
Page 310: ...Appendix F Equalizer VLB 306 Equalizer Installation and Administration Guide ...
Page 318: ...Appendix G Troubleshooting 314 Equalizer Installation and Administration Guide ...