Cryptographic certificates are required to use the security features of the WAN transport. This section describes how to use the OpenSSL command-line tool to create a simple private certificate authority (CA) and issue a peer certificate from it. For more information, see the manual page for the openssl tool (http://www.openssl.org/docs/apps/openssl.html) or the book, "Network Security with OpenSSL" by Viega, Messier, & Chandra (O'Reilly 2002), or other references on Public Key Infrastructure.
mkdir myCA
mkdir myCA/certs
mkdir myCA/private
mkdir myCA/newcerts
mkdir myCA/crl
touch myCA/index.txt
openssl req -nodes -x509 -days 1095 -newkey rsa:2048 \
-keyout myCA/private/cakey.pem -out myCA/cacert.pem \
-config openssl.cnf
openssl req -nodes -new -newkey rsa:2048 -config template.cnf \
-keyout peer1key.pem -out peer1req.pem
openssl ca -create_serial -config openssl.cnf -days 365 \
-in peer1req.pem -out myCA/newcerts/peer1cert.pem
cat myCA/newcerts/peer1cert.pem peer1key.pem \
> ${private location}/peer1.pem
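A check that can be run on the resulting peer1.pem before it is deployed, as an added example that is not part of the original documentation: it confirms that the bundle holds exactly one certificate and one private key, that the file is not accessible to group or other (the key was generated with -nodes, so it is stored unencrypted), that the certificate chains to the CA certificate, and that the key matches the certificate. The function names and return codes are this example's own.

```shell
#!/bin/sh
# Added example: check a peer bundle (certificate + private key in one PEM
# file) such as peer1.pem. Function names and return codes are this example's:
# 0 ok, 2 bad PEM layout, 3 group/other access, 4 not issued by CA, 5 mismatch.

count_blocks() {  # count_blocks FILE TYPE-REGEX: number of matching BEGIN lines
    grep -c -E -- "^-----BEGIN $2-----\$" "$1" || true
}

check_peer_bundle() {  # check_peer_bundle BUNDLE CACERT
    bundle=$1 cacert=$2
    certs=$(count_blocks "$bundle" 'CERTIFICATE')
    keys=$(count_blocks "$bundle" '(RSA |EC )?PRIVATE KEY')
    if [ "$certs" != 1 ] || [ "$keys" != 1 ]; then
        echo "expected 1 certificate and 1 unencrypted key, found $certs/$keys" >&2
        return 2
    fi
    # The key has no passphrase (-nodes), so file permissions are its only
    # protection at rest: require that group and other have no access bits.
    perms=$(ls -ld -- "$bundle" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$bundle is accessible to group/other ($perms); chmod 600 it" >&2
        return 3
    fi
    # The certificate must chain to the private CA.
    if ! openssl verify -CAfile "$cacert" "$bundle" >/dev/null 2>&1; then
        echo "certificate in $bundle does not verify against $cacert" >&2
        return 4
    fi
    # The certificate's public key must be the one derived from the private key.
    cert_pub=$(openssl x509 -in "$bundle" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$bundle" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "private key in $bundle does not match its certificate" >&2
        return 5
    fi
    echo "$bundle: OK"
}

# Usage (the bundle location is site-specific):
#   check_peer_bundle /path/to/peer1.pem myCA/cacert.pem
```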
© 2015 RTI