SmartSwarm 300 Series
Key: The Private Key (for the Device) that is used to generate the Certification Request. The Certification Request is what you send to the Certification Authority.
Table 47. OpenVPN fields
When the OpenVPN feature is enabled, the Client Key, the Client Certificate, and the CA Certificate will be sent to the
Device.
When the OpenVPN feature is disabled, all of these items will be removed from the Device.
So how do you create your Key, how do you get your Client Certificate, and how do you know what the CA
certificate is?
You can generate your own private key (intended to be the Private Key of the Device).
Please consult “openssl” documentation, and please refer to your OpenVPN server’s documentation.
Here’s an example of how to create a private key. (There are many options that you can apply here; we’re using
one option for illustration purposes only):
$ openssl genrsa -out MyDevicePrivate.key 2048
You now have the “Key” required.
Next, you need to generate a Certificate Signing Request. Here’s an example (again, this is only one of many
possible examples):
$ openssl req -new -sha256 -key MyDevicePrivate.key -out CertificateRequest.csr
Country Name: <your 2 letter country code>
State or Province Name: <your province name>
Locality Name: <your location name>
Organization Name: <your organization name>
Organizational Unit Name: <your team name>
Common Name: <your domain name> (e.g. "devid6500003")
email: <your email>
Challenge password: <blank, press enter>
Optional company name: <blank, press enter>
The output from this sequence is a file named “CertificateRequest.csr”.
Now, you must send this Certificate Signing Request to your Certificate Authority for signing.
The CA that signs this certificate must be the same CA, or in the chain-of-trust of the CA, that has signed the
Server’s Certificate.
You will receive back your signed certificate (this is the Client Certificate that you require), along with the server’s
CA certificate (this is the CA Certificate that you require).
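Before entering the three items into the OpenVPN fields, it is worth confirming that they belong together. The following is an added example, not part of the original manual: it checks that the CSR and the returned Client Certificate carry the public half of the Device key and that the certificate verifies against the CA Certificate. The names DemoCA.key, DemoCA.crt, MyDevice.crt and Other.key are assumptions, and the throwaway CA built by make_demo only stands in for your real Certificate Authority.

```shell
#!/bin/sh
# Added example. DemoCA.* and MyDevice.crt are constructed names; the throwaway
# CA only stands in for the real Certificate Authority.

# Print the PEM public key held in a private key, CSR or certificate.
pub_of() {  # $1 = key|req|x509, $2 = file
  case "$1" in
    key)  openssl pkey -in "$2" -pubout ;;
    req)  openssl req  -in "$2" -noout -pubkey ;;
    x509) openssl x509 -in "$2" -noout -pubkey ;;
  esac 2>/dev/null
}

# True only if both files parse and carry the same public key.
same_pub() {  # $1 type, $2 file, $3 type, $4 file
  a=$(pub_of "$1" "$2") && b=$(pub_of "$3" "$4") &&
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# The CSR must have been generated from the Device key.
check_csr() { same_pub key "$1" req "$2"; }  # $1 key, $2 csr

# The Client Certificate must match the Device key AND verify against the
# CA Certificate.
check_bundle() {  # $1 key, $2 client cert, $3 CA cert
  same_pub key "$1" x509 "$2" &&
    openssl verify -CAfile "$3" "$2" 2>/dev/null | grep -q ': OK$'
}

# Build constructed sample files in directory $1 (keys created owner-only).
make_demo() {
  ( cd "$1" && umask 077 &&
    openssl genrsa -out MyDevicePrivate.key 2048 &&
    openssl req -new -sha256 -key MyDevicePrivate.key \
      -subj "/CN=devid6500003" -out CertificateRequest.csr &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout DemoCA.key \
      -subj "/CN=Demo CA" -days 1 -out DemoCA.crt &&
    openssl x509 -req -in CertificateRequest.csr -CA DemoCA.crt \
      -CAkey DemoCA.key -CAcreateserial -days 1 -out MyDevice.crt &&
    openssl genrsa -out Other.key 2048
  ) >/dev/null 2>&1
}
```

With real files, source the script and run check_bundle with your Device key, the signed certificate and the CA certificate you received; a non-zero exit status means the three items do not belong together.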