User manual

P75598- Belkin OmniView Serial Console

Appendix E: Creating CA files

The Serial Console server supports secure web page configuration (a.k.a. https). There

are two types of certificate files for server side authentication.

 self-signed : Users can create the certificate files by themselves. The downside is that

the client will be prompted to accept a certificate signed by an authority not known to

the browser. Usually the client browser will have to accept the certificate only once

and it will not be prompted further.

 signed by a Certification Authority: Users create CA files and send out to a CA for

signing. The main advantage is that the client will not be prompted to accept a

certificate.

Users need to install openssl toolkit before create the CA files mentioned above. We

explain here how to generate the certificate for the Serial Console web server using

openssl and the Linux shell. For openssl toolkit, it can be downloaded from :

http://www.openssl.org/

1. Self-signed CA:

i) Create a key and X.509 certificate:

under Linux command prompt:

openssl req -x509 -newkey rsa:1024 -days 1024 -keyout cakey.pem -out cacert.pem

The options that can be changed here are:

* the PK algorithm can be changed from rsa to dsa and also the length of the key in bits

(512, 1024, 2048, 4096).

* time period for the certificate validity, we set it to 1024 days which is less than 3 years.

You can also set start / end date for the validity of the certificate.You will be prompted for

the PEM pass phrase twice for the key and than you have to enter some information

necessary for the certificate:

64 / 66