Service manual
Chapter 3: Security 51
The Certificate Signing Request (CSR) generated by the command contains some personal or
corporate information and its public key.
2. Submit the CSR to CA for approval. This service may be requested by accessing the CA’s web
site. Visit pki-page.org for a list of CAs.
3. Once approved, CA sends the certificate file to the originator. The certificate is stored on a
directory server. The following procedures describe the certificate installation process.
To install the certificate on the web server:
1. Log in to the console server.
2. Create the /etc/CA/server.pem file by combining the certificate with the private key.
# cat Cert.cer private.key > /etc/CA/server.pem
3. Copy the certificate to the /etc/CA/cert.pem file.
# cp Cert.cer /etc/CA/cert.pem
4. Save the configuration in Flash.
# saveconf
5. Reboot the console server for the certificate to take effect.
User configured digital certificate
The console server generates its own self-signed SSL certificate for HTTPs using OpenSSL. It is
highly recommended that you use the “openssl” tool to generate a self-signed certificate and
replace the console server’s generated certificate.
Table 3.11: Required Information for the OpenSSL Package (etc/openssl.conf file by default)
Parameter Description
Country Name (2 letter code) The country code consisting of two letters.
State or Province Name (full name) Provide the full name (not the code) of
the state.
Locality Name Enter the name of your city.
Organization Name Organization for which you are obtaining the
certificate.
Organizational Unit Name Department or section where you work.
Common Name Name of the server where the certificate should
be installed.
Email Address Your email address or the administrator’s
email address.