Issue certificates for users or devices

  1. Create a key for the device or user with the command: genrsa -out device.key 2048 This command creates the file 'device.key' in the current directory.
  2. Create a certificate request for the device or user with the command: req -key device.key -new -subj /CN=DEVICE -out device.req This command creates the file 'device.req' in the current directory.
    Important: In addition to this command, further changes to the file "openssl.cnf" are required to define an extension.
  3. Create a certificate from the certificate request with the command: x509 -extfile openssl.cnf -req -in device.req -CAkey ca.key -CA ca.crt -CAcreateserial -days 90 -out device.crt This command signs the certificate request 'device.req' with the key 'ca.key' and then issues the certificate 'device.cert'. The configuration file openssl.cnf is also involved in the procedure.
  4. Export the certificate for the device or user with the command: pkcs12 -export -inkey device.key -in device.crt -certfile ca.crt -out device.p12 This command combines and saves the key 'device.key', the device certificate 'device.crt’ and the root certificate ‘ca.crt’ to the file 'device.p12'. This PKCS#12 file can be uploaded directly to the required device.

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de

LANCOM Logo