User`s guide
Certificate Management
Chapter 16 Configuration Menu Interface 257
Certificate Management
Upload a Server Certificate
To upload a server certificate, use either of these methods,
• Use the Upload Server Certificate menu. This menu is displayed only
when running configmenu on the serial console of the Digi Passport
unit. (Running configmenu on CLI via Telnet or SHI does not display
this menu.)
• Use the scp command to copy your server.pem file to /tmp/cnf/etc. To
make this change permanent, run the saveconf command from the
command line interface.
Create/Use a Server Certificate
To use your server certificate for the Digi Passport unit, after replacing the
original server.pem file on /tmp/cnf/etc with your own file, import an SSL
certificate for the HTTPS interface.
1. Download the latest openssl package.
2. Install the openssl package:
# cd /work/
# tar -xvzf openssl-0.9.7c.tar.gz
# cd openssl-0.9.7c
# ./config
# make
# make test
# make install
3. Edit the openssl configuration file:
# vi /usr/share/ssl/openssl.cnf
4. In the openssl.cnf file, modify the [req_distinguished_name] section
Refer to sample openssl.conf file (openssl.conf.digi).
5. Modify the [req_attributes] section as follows:
challengePassword_min =0
challengePassword_max =0
6. Make self-signed Root CA(Certificate Authority):
# cd /work/openssl-0.9.7c/
# mkdir CA
# cd CA
# sh /usr/local/ssl/misc/CA.sh -newca
CA certificate filename (or enter to create)
; (Press Enter to use default value)
Making CA certificate ...
; openssl is called here as follow from CA.sh
; openssl req -new -x509 -keyout ./demoCA/private/./cakey.pem \
; -out ./demoCA/./cacert.pem -days 365