User manual
Virtual Private Networking
208
The CyberGuard SG appliance only supports certificates in base64 PEM or binary DER
format.
Some certificate authorities (CA) distribute certificates in a PKCS12 format file. This
format combines the CA certificate, local public certificate and local private key certificate
into one file. These certificates must be extracted before uploading them to the
CyberGuard SG appliance; see Extracting certificates further on.
If you do not have access to certificates issued by a certificate authority (CA), you may
create self-signed certificates; see Creating certificates further on.
The OpenSSL application
The remainder of this section requires OpenSSL application, run from a Windows
command prompt (Start -> Run -> type cmd) or Linux shell prompt.
A Windows version of OpenSSL is provided in the openssl directory of the CyberGuard
SG CD. Ensure that this directory is in your execution path, or copy all files from this
directory into a working directory on your hard drive.
For other operating systems, OpenSSL is available for free download at:
http://www.openssl.org/
Extracting certificates
To extract the CA certificate, run:
openssl pkcs12 -nomacver -cacerts -nokeys -in pkcs12_file -out
ca_certificate.pem
.. where pksc12_file is the PKCS12 file issued by the CA and ca_certificate.pem is the
CA certificate to be uploaded into the CyberGuard SG appliance.
When the application prompts you to Enter Import Password, enter the password used
to create the certificate. If none was used simply press enter.
To extract the local public key certificate type, enter the following at the Windows
command prompt:
openssl pkcs12 -nomacver -clcerts -nokeys -in pkcs12_file -out
local_certificate.pem