Guralp Systems CMG-DCM User Manual

Page 49

Operator's guide

are used by openssl to generate prompt strings and need not be changed. If you need to enter two separate values for the same key (as organizationalUnitName above) you should prefix the pairs with 0., 1., etc., as shown.

5. Generate a certificate request with

    openssl req -new -key slot01.key -days validity-period -config config-file -out slot01.req

where validity-period is the number of days' validity you want for the request, and config-file is the configuration file you created in the previous step.

The file slot01.req is a certificate request for the key pair generated. You should send this file by e-mail to the Certification Authority, so that they can generate a valid certificate from it.

6. When you receive the certificate, install it in the /etc/libcd11 directory as slot01.crt. Also create the key ID file slot01.kid. (The key ID file is simply a text file containing the key ID as a single decimal number. You can use any key ID number as long as it is unique for each key. It is used in the key bucket file, described below.)

7. The AM is now ready to start signing outgoing CD1.1 subframes. However, you will need to configure the format of these subframes by editing the /etc/cd11sf.cfg configuration file. If you intend to use CNSN authentication, you should also edit the /etc/cnsn.cfg configuration file. The AM's configuration files can be edited using its Web page interface or with an editor.

8. Any further key changes can be handled automatically over AutoDRM. However, occasionally you may want to supersede an existing key, or create a new key for a separate stream.

Keys are handled by a system of key buckets. Each key bucket consists of a list of keys and activation times. Once the activation time for a new key passes, the previous key is superseded, and subsequent subframes are signed by the new key. You can have a different key bucket active for each stream, or even several key buckets for the same stream.

Key buckets are stored in the files 0.bkt, 1.bkt, etc., within the /etc/keybuckets directory. Each line in a key bucket file

December 2006
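
A pre-install check for step 6 above, added here as an example and not taken from the Guralp manual: before the certificate is copied into place it confirms that the file returned by the Certification Authority carries the public half of the slot's private key, and that the key ID is a single decimal number not already held by another .kid file in the same directory. The function names, argument order and exit codes are assumptions of this example; only the slot01.key, slot01.crt and slot01.kid naming and the /etc/libcd11 directory come from the page.

```shell
#!/bin/sh
# Added example (not from the manual). Function names, argument order and
# exit codes are assumptions; only the slot01.* naming comes from the page.

# cert_matches_key CERT KEY
# True when the certificate carries the public half of the private key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# kid_is_unique DIR SLOT KID
# True when KID is a single decimal number and no other slot's .kid file in
# DIR already holds the same value.
kid_is_unique() {
    case "$3" in
        ''|*[!0-9]*) return 1 ;;
    esac
    for f in "$1"/*.kid; do
        if [ -e "$f" ] && [ "$f" != "$1/$2.kid" ]; then
            if [ "$(tr -d '[:space:]' < "$f")" = "$3" ]; then
                return 1
            fi
        fi
    done
    return 0
}

# install_slot_cert CERT KEY DIR SLOT KID
# Installs CERT as DIR/SLOT.crt and writes DIR/SLOT.kid only if both checks
# pass. Returns 2 on a certificate/key mismatch, 3 on a bad or reused key ID.
install_slot_cert() {
    if ! cert_matches_key "$1" "$2"; then
        echo "certificate does not match private key $2" >&2
        return 2
    fi
    if ! kid_is_unique "$3" "$4" "$5"; then
        echo "key ID '$5' is not a decimal number or is already in use" >&2
        return 3
    fi
    cp "$1" "$3/$4.crt" && printf '%s\n' "$5" > "$3/$4.kid"
}

# Usage on the AM, with the CA's reply saved as reply.crt (constructed name):
#   install_slot_cert reply.crt slot01.key /etc/libcd11 slot01 1
```

A mismatch at this point usually means the certificate was issued for a different request or the key was regenerated after slot01.req was sent.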
