Remove a passphrase from a key, Generate a self-signed certificate, Verifying a self-signed certificate – HP StoreFabric Converged Network Adapters User Manual
Page 14

Installing BACS components on Microsoft and Linux operating systems 14
7.
Select WinRM Service, and then enable Allow Basic Authentication.
Generating a self-signed certificate for Microsoft and Linux servers
Use Openssl to create a self-signed certificate. Openssl is available on both Microsoft Windows and Linux
operating systems.
To create a self-signed certificate on Microsoft Windows:
1.
Generate a private key:
openssl genrsa –des3 –out server.key 1024
2.
Enter a passphrase at the prompt. Be sure to record the passphrase.
3.
Generate a CSR:
openssl req –new –key server.key –out server.csr
4.
At the prompt for a common name, enter the Microsoft Windows Server hostname or IP address.
5.
Enter a value for all bolded parameters at the prompt for certificate information.
Remove a passphrase from a key
1.
Run cp server.key server.key.org.
2.
Run openssl rsa -in server.key.org -out server.key.
Generate a self-signed certificate
To generate a self-signed certificate that is valid for 365 days:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out
server.crt
The following example shows the output from the command:
Signature ok
subject=/C=US/ST=Texas/L=Houston/O=Hewlett-Packard/OU=Engineering/CN=MGM
TAPP- LAB3/emailAddress=
Verifying a self-signed certificate
To verify a self-signed certificate, run openssl verify server.crt.
The following example shows the output from the command:
server.crt:/C=US/ST=Texas/L=Houston/O=Hewlett-Packard/OU=Engineering/CN=
MGMTAPP- LAB3/emailAddress=
If an error message appears, such as Error 18 at 0 depth lookup:self signed certificate,
ignore the message. The error indicates the certificate is self-signed.
Converting the certificate from crt to pkcs12 format
For Microsoft Windows Server, configure the certificate in the pkcs12 format.
To convert the certificate to pkcs:
1.
Run openssl pkcs12 -export -in server.crt -inkey server.key -out hostname.pfx.
2.
Enter a user name and password at the prompt.