What To Do
1. Generate a Private Key (Note: Do not execute this command on an NSG command line. Use a Linux or Windows system with openssl installed)
Here are some examples:
openssl genrsa -des3 -out <private key file name>.key 2048
openssl genrsa -aes128 -out <private key file name>.key 2048
openssl genrsa -aes256 -out <private key file name>.key 2048
openssl genrsa -aes256 -out <private key file name>.key 4096
The encryption algorithm and key-length can be modified as desired.
2. Generate a CSR (Certificate Signing Request)
openssl req -new -key <private key file name>.key -out <csr file name>.csr
Note the request for the different Siging Company. e.g, verisign : no email address,challenge password or optional company.
3. Upload the csr to the signing company.
Note if you copy the text please dont copy the text to microsoft word. Use notepad or vi
4. Generate the PKCS12 file.
openssl pkcs12 -export -in <the file you got from the signing company>.crt -inkey <private key file name>.key -out <your filename>.p12
5. Import the PKCS12 file.
- Go to the Web Application Firewall and select Certifcate Management | New certificate.
- Upload File type: PKCS12. Choose the file <your filename>.p12 and save
6. (Optional) If the signing company use an intermediate ca, upload the ca.
- Go to the Web Application Firewall and select Certifcate Management | Certificate Authority | Import Ca
- Upload the Verification CA as a PEM file.
7. If you have PEM files, use the following:
- Using
openssl, the command is…
-
openssl pkcs12 -export -in xxxx.pem -inkey xxxx.pem -out xxx.p12 -passout pas:newpassword -name "newname