Specifications
Appendix D: HTTPS Cluster Certificates
176 Equalizer Installation and Administration Guide
For a client certificate, the Common Name in the client’s copy of the certificate is only
compared to the Common Name in the copy of the client certificate on the server, so Common
Name can be any value.
3. Visit the website of an SSL Certificate Authority (CA) to submit the cert.csr file to the CA.
4. Once the CA returns your signed certificate (usually in email), go to the section “Preparing a
Signed CA Certificate for Installation” on page 177.
Generating a Self-Signed Certificate
To generate a self-signed certificate in PEM format:
1. Generate a self-signed x509 format certificate by entering this command:
openssl req -new -x509 -newkey rsa:1024 -out selfcert.pem -days 1095
This creates a self-signed certificate (selfcert.pem) that will be valid for 1095 days (about three
years) and also generates a new private key to be output into a file named privkey.pem. The key
length you use (1024 in this example) can be any multiple of 8. If you already have a private
key, use -key filename instead of -newkey rsa:1024 to specify the file containing the private
key.
After generating the private key, the following prompts are displayed (example responses
shown):
Enter PEM pass phrase: <password>
Verifying - Enter PEM pass phrase: <password>
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:Millerton
Organization Name (eg, company) [Internet Widgits Pty Ltd]:CPS Inc.
Organizational Unit Name (eg, section) []:Engineering
Common Name (eg, YOUR name) []:myclient.example.com
Email Address []:admin@example.com
Depending on the tool you use to create the certificate, you may also be asked for a challenge
password and other optional information. Make sure you remember the password (and, if
prompted, the challenge password) you specify, as you will need it to install the certificate.
The Common Name provided must be the DNS-resolvable fully qualified domain name
(FQDN) used by the Equalizer cluster. For a server certificate, when the client receives the
certificate from the server, the browser will display a warning if the Common Name does not
match the hostname of the request URI. For a client certificate, the Common Name in the
client’s copy of the certificate is only compared to the Common Name in the copy on the
server, so this can be any value.
2. Combine the private key and certificate into one file, using a command like the following:
cat selfcert.pem privkey.pem > clustercert.pem
3. You can now install your self-signed certificate and private key file, clustercert.pem, on
Equalizer and your clients, as appropriate.
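A pre-installation check for the combined file built in steps 1 and 2, added here as an example (it is not part of the Equalizer guide). It confirms that the private key belongs to the certificate, that the Common Name is the expected FQDN, and that key length and remaining validity meet a policy. The function names and the MIN_BITS, WARN_DAYS and PEM_PASS settings are assumptions; MIN_BITS=2048 is a commonly required RSA minimum, which the 1024-bit key in the example command above does not meet.

```shell
# Added example: sanity-check a combined cert+key PEM before installing it.
# MIN_BITS and WARN_DAYS are policy assumptions, not values from the guide.
MIN_BITS=2048
WARN_DAYS=30
PEM_PASS="${PEM_PASS:-}"; export PEM_PASS   # pass phrase, if the key is encrypted

# make_sample DIR BITS: constructed test input, built like steps 1-2 above but
# non-interactive (-nodes skips the pass phrase, -subj answers the prompts).
make_sample() {
    mkdir -p "$1" &&
    openssl req -new -x509 -newkey "rsa:$2" -nodes -keyout "$1/privkey.pem" \
        -subj "/CN=myclient.example.com" -out "$1/selfcert.pem" -days 1095 2>/dev/null &&
    cat "$1/selfcert.pem" "$1/privkey.pem" > "$1/clustercert.pem"
}

# check_cluster_pem FILE EXPECTED_CN: returns the number of failed checks.
check_cluster_pem() {
    pem=$1; want_cn=$2; fails=0
    # 1. The private key in the file must belong to the certificate in the file.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$pem" -passin env:PEM_PASS -pubout 2>/dev/null) || key_pub=
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: certificate and private key do not match"; fails=$((fails + 1))
    fi
    # 2. Common Name must equal the FQDN clients use to reach the cluster.
    cn=$(openssl x509 -in "$pem" -noout -subject -nameopt multiline 2>/dev/null |
         sed -n 's/^ *commonName *= *//p')
    if [ "$cn" != "$want_cn" ]; then
        echo "FAIL: Common Name '$cn' is not '$want_cn'"; fails=$((fails + 1))
    fi
    # 3. Key length (the N in -newkey rsa:N at generation time).
    bits=$(openssl x509 -in "$pem" -noout -text 2>/dev/null |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    if [ "${bits:-0}" -lt "$MIN_BITS" ]; then
        echo "FAIL: ${bits:-unknown}-bit key is below $MIN_BITS"; fails=$((fails + 1))
    fi
    # 4. Remaining validity (the -days value counts down from creation).
    if ! openssl x509 -in "$pem" -noout -checkend $((WARN_DAYS * 86400)) >/dev/null 2>&1; then
        echo "FAIL: certificate expires within $WARN_DAYS days"; fails=$((fails + 1))
    fi
    [ "$fails" -eq 0 ] && echo "OK: $pem"
    return "$fails"
}
```

Source the file and run `check_cluster_pem clustercert.pem myclient.example.com`; for a pass-phrase-protected key, set PEM_PASS in the environment first.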