Using Certificates in HTTPS Clusters
Generating a CSR and Getting It Signed by a CA
Most CA vendors provide a means of generating a Certificate Signing Request (CSR) on their
websites, and we recommend that you use the CA website to generate the CSR. For several good
tutorials on how to get your certificates signed, please see:
http://sial.org/howto/openssl/
A CSR can also be generated using the OpenSSL tools on any system, including Windows. The
examples below were executed on a Windows system with the OpenSSL tools installed.
Note that only the most basic
openssl
command options are shown in these examples. See the
openssl
(1) and
req
(1) manual pages for the SSL implementation on your system for more
information.
Note
- Generating a CSR on Equalizer is NOT supported. Consult the Certificate Authority that supplies your SSL
certificates and use the tools that they recommend.
Generating a CSR using OpenSSL
1. Navigate to an appropriate directory on your system, and create a new directory to hold
your CSR, certificate, and private key.
2. Generate the CSR by entering this command:
openssl req -new -newkey rsa:1024 -out cert.csr
This begins an interactive session to generate a CSR, and also generates a new
private key to be output into a file named privkey.pem. If you already have a private
key, use -key filename (instead of -newkey rsa:1024) to specify the file containing
the private key.
It is recommended that you do not share your private key.
After generating the private key, the following prompts are displayed (example
responses shown):
Enter PEM pass phrase:
<password>
Verifying - Enter PEM pass phrase:
<password>
Country Name (2 letter code) [AU]:
US
State or Province Name (full name) [Some-State]:
New York
Locality Name (eg, city) []:
Millerton
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
CPS Inc
.
Organizational Unit Name (eg, section) []:
Engineering
Common Name (eg, YOUR name) []:
mycluster.example.com
Email Address []:
Make sure you remember the
password
you specify, as you will need it to install and
use the certificate.
820
Copyright © 2014 Coyote Point Systems, A Subsidiary of Fortinet, Inc.
Содержание Equalizer GX Series
Страница 18: ......
Страница 32: ...Overview 32 Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc ...
Страница 42: ......
Страница 52: ......
Страница 64: ......
Страница 72: ......
Страница 76: ......
Страница 123: ...Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc All Rights Reserved 123 Equalizer Administration Guide ...
Страница 228: ......
Страница 238: ......
Страница 411: ...Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc All Rights Reserved 411 Equalizer Administration Guide ...
Страница 459: ...Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc All Rights Reserved 459 Equalizer Administration Guide ...
Страница 476: ......
Страница 492: ......
Страница 530: ......
Страница 614: ......
Страница 626: ......
Страница 638: ......
Страница 678: ......
Страница 732: ...Using SNMP Traps 732 Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc ...
Страница 754: ......
Страница 790: ......
Страница 804: ......
Страница 842: ......
Страница 847: ...Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc All Rights Reserved 847 Equalizer Administration Guide ...
Страница 866: ......