User manual
Virtual Private Networking
220
Some certificate authorities (CA) distribute certificates in a PKCS12 format file. This
format combines the CA certificate, local public certificate and local private key certificate
into one file. These certificates must be extracted before uploading them to the SG unit;
see Extracting certificates further on.
If you do not have access to certificates issued by a certificate authority (CA), you may
create self-signed certificates; see Creating certificates further on.
The OpenSSL application
The remainder of this section requires OpenSSL application, run from a Windows
command prompt (Start -> Run -> type cmd) or Linux shell prompt.
A Windows version of OpenSSL is provided in the openssl directory of the SG CD.
Ensure that this directory is in your execution path, or copy all files from this directory into
a working directory on your hard drive.
For other operating systems, OpenSSL is available for free download at:
http://www.openssl.org/
Extracting certificates
To extract the CA certificate, run:
openssl pkcs12 -nomacver -cacerts -nokeys -in pkcs12_file -out
ca_certificate.pem
.. where pksc12_file is the PKCS12 file issued by the CA and ca_certificate.pem is the
CA certificate to be uploaded into the SG unit.
When the application prompts you to Enter Import Password, enter the password used
to create the certificate. If none was used simply press enter.
To extract the local public key certificate type, enter the following at the Windows
command prompt:
openssl pkcs12 -nomacver -clcerts -nokeys -in pkcs12_file -out
local_certificate.pem
.. where pksc12_file is the PKCS12 file issued by the CA and local_certificate.pem is
the local public key certificate to be uploaded into the SG unit.