Zilog EZ80F91AZA User Manual

UM020107-1211

SSL Configuration

ZTP Network Security SSL Plug-In

User Manual

required, a public/private key pair). Third-party utilities can also be used to generate these items.

The first step is to generate a self-signed root certificate that will terminate the certificate chain. After this root certificate is generated, a server certificate is generated and signed with the root certificate, as the following instructions show.

1. Generate a self-signed RSA (512-bit) certificate.

In the following example, the interactive mode of the OpenSSL req command is used to enter information about the issuer. This information can also be provided in a configuration file.

OpenSSL> req -newkey rsa:512 -x509 -nodes -out Root.crt -keyout RootKey.txt -set_serial 0x01 -days 365
Loading 'screen' into random state - done
Generating a 512 bit RSA private key
....++++++++++++
...++++++++++++
writing new private key to 'RootKey.txt'
-----
You are about to be asked to enter information that will be
incorporated into your certificate request.
What you are about to enter is what is called a Distinguished
Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:CA
Locality Name (e.g., city) []:San Jose
Organization Name (e.g., company) [Internet Widgets Pty Ltd]:Zilog
Organizational Unit Name (e.g., section) []:.
Common Name (e.g., YOUR name) []:ZTP SSL CA
Email Address []:.

This command generates a 512-bit RSA self-signed certificate with the subject and issuer common name set to ZTP SSL CA. The certificate will be valid for 365 days starting from the current date, and the certificate's serial number will be set to 01. The X.509 certificate that is generated will be in PEM format (i.e., Base64-encoded ASN.1 DER data) and stored in a file named Root.crt. A PEM-encoded RSA private key file will also be generated and stored in a file named RootKey.txt. The -nodes option directs the
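The manual notes that the issuer information can also be supplied in a configuration file; the script below is an added example (not taken from the manual) that does so and then checks the resulting certificate's subject, serial number and key size. The function names, the root.cnf file name and the output directory are assumptions of this example. The optional second argument selects a larger RSA key than the manual's 512 bits, a size that no longer resists factoring, for use where the target supports it.

```shell
#!/bin/sh
# Added example: non-interactive form of the manual's `req` command.
# Root.crt, RootKey.txt and the DN values are from the manual; the function
# names, root.cnf and the output directory are assumptions of this example.

make_root_ca() {    # usage: make_root_ca <outdir> [rsa-bits]
    dir=$1
    bits=${2:-512}  # 512 is the size used in the manual's command
    mkdir -p "$dir" || return 1
    # The answers typed at the interactive prompts, as a req config file.
    cat > "$dir/root.cnf" <<'EOF'
[ req ]
prompt             = no
distinguished_name = dn

[ dn ]
C  = US
ST = CA
L  = San Jose
O  = Zilog
CN = ZTP SSL CA
EOF
    # umask in a subshell keeps the unencrypted (-nodes) key owner-only.
    ( umask 077
      openssl req -config "$dir/root.cnf" -newkey "rsa:$bits" -x509 -nodes \
          -out "$dir/Root.crt" -keyout "$dir/RootKey.txt" \
          -set_serial 0x01 -days 365 )
}

check_root_ca() {   # prints "cn=<CN> serial=<hex> bits=<n>"; fails unless self-issued
    crt=$1/Root.crt
    subj=$(openssl x509 -in "$crt" -noout -subject -nameopt RFC2253) || return 1
    iss=$(openssl x509 -in "$crt" -noout -issuer -nameopt RFC2253) || return 1
    subj=${subj#subject=}; iss=${iss#issuer=}
    [ "$subj" = "$iss" ] || return 1    # root: subject and issuer match
    cn=$(printf '%s\n' "$subj" | sed 's/^ *CN=\([^,]*\).*/\1/')
    serial=$(openssl x509 -in "$crt" -noout -serial | sed 's/^serial=//')
    kbits=$(openssl x509 -in "$crt" -noout -text |
            sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    echo "cn=$cn serial=$serial bits=$kbits"
}

# Run as: sh make_root.sh <outdir> [rsa-bits]
if [ "$#" -gt 0 ]; then
    make_root_ca "$@" && check_root_ca "$1"
fi
```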
