Generating a CRL – HP Traffic Director sa7220 User Manual

APPENDIX B
HP Traffic Director Server Appliances User Guide
Generating a CRL
NOTE: To acquire a copy of OpenSSL for your environment, access the OpenSSL website at http://www.openssl.org.
This procedure shows how to generate a Certificate Revocation List
(CRL) using OpenSSL:
1. If you have not already done so, create a working directory where
all the keys and certificates will be stored.
NOTE: Most of these commands use the openssl.cnf file. Make sure the information presented in this file is accurate and that it reflects the directory structure used. Filenames and directory names are both important for these commands to work properly. For more information on how to use openssl, visit http://www.openssl.org.
2. If you have not already done so, copy the file openssl.cnf from the OpenSSL source directory.
3. Create a private key for the SA8220 CA certificate by typing this
command:
openssl genrsa -out ca_key.pem 1024
4. Create the CA certificate SA8220 by typing this command:
openssl req -new -x509 -config openssl.cnf -key ca_key.pem -out ca_cert.pem
5. Import this file to the SA8220.
6. Create a private key for the signing request by typing this
command:
openssl genrsa -out clientkey1.pem 1024
7. Generate a signing request by typing this command:
openssl req -new -config openssl.cnf -key clientkey1.pem -out clientrequest1.pem
8. Repeat steps (6) and (7) above for each additional client certificate, incrementing clientrequest1.pem by one digit each time.
9. Sign all the requests generated above by typing this command:
openssl ca -keyfile ca_key.pem -cert ca_cert.pem -infiles clientrequest1.pem clientrequest2.pem clientrequest3.pem ...
10. For all client certificates, create a CRL by typing this command:
openssl ca -gencrl -out crl.pem
11. Import this file to the SA8220.
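
The procedure above, run end to end in a scratch directory as an added example that is not part of the manual. It shows the files and directories a minimal openssl.cnf has to match, and that the CRL from step 10 lists a certificate only once that certificate has been revoked. Assumptions added here: the constructed openssl.cnf, the sample subject names, 2048-bit keys, and the openssl ca -revoke step.

```shell
# Added example, not from the manual; openssl.cnf and subject names are constructed.
revoked_serials() {   # print the serial numbers listed in a CRL file
    openssl crl -in "$1" -noout -text | sed -n 's/^ *Serial Number: *//p'
}
crl_demo() (
    work=$(mktemp -d) && cd "$work" || exit 1
    export OPENSSL_CONF="$work/openssl.cnf"   # used where -config is omitted
    mkdir newcerts && : > index.txt && echo 01 > serial   # what [ CA_default ] expects
    cat > openssl.cnf <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = .
database = $dir/index.txt
new_certs_dir = $dir/newcerts
serial = $dir/serial
certificate = $dir/ca_cert.pem
private_key = $dir/ca_key.pem
default_md = sha256
default_days = 365
default_crl_days = 30
policy = policy_any
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = req_dn
prompt = no
[ req_dn ]
CN = placeholder
EOF
    openssl genrsa -out ca_key.pem 2048 2>/dev/null
    openssl req -new -x509 -config openssl.cnf -key ca_key.pem \
        -out ca_cert.pem -subj "/CN=Demo CA"
    for n in 1 2; do
        openssl genrsa -out "clientkey$n.pem" 2048 2>/dev/null
        openssl req -new -config openssl.cnf -key "clientkey$n.pem" \
            -out "clientrequest$n.pem" -subj "/CN=client$n"
    done
    openssl ca -batch -infiles clientrequest1.pem clientrequest2.pem >/dev/null 2>&1
    openssl ca -gencrl -out crl.pem 2>/dev/null
    echo "before revoke: $(revoked_serials crl.pem)"
    # Revoking serial 02 (client2) marks it in index.txt, which -gencrl reads.
    openssl ca -revoke newcerts/02.pem 2>/dev/null
    openssl ca -gencrl -out crl.pem 2>/dev/null
    echo "after revoke: $(revoked_serials crl.pem)"
    openssl crl -in crl.pem -CAfile ca_cert.pem -noout 2>&1 | grep -x 'verify OK'
    rm -rf "$work"
)
crl_demo
```

The last line of output confirms that the CRL signature verifies against ca_cert.pem, which is a useful check before importing crl.pem in step 11.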