Westermo MR Series User Manual
Page 64
64
6622-3201
Web Interface and Command Line Reference Guide
www.westermo.com
Using Text Commands
From the command line the genkey command can be used to generate a private key. To generate a
private key, enter the command
genkey
where:
is the size of the key in bits
is the name of the private key file
<-ssh1>
is optional, and will generate the private key file in SSH version 1 format
For example, to generate a 1024 bit SSH version 2 key called privkey.pem, enter:
genkey 1024 privkey.pem
You will see the following output:
OK
Starting 1024 bit key generation. Please wait. This may take some
time...
\Key generated, saving to FLASH file privkey.pem
Closing file
Private key file created
All tasks completed
From the command line, the creqnew command can be used to generate a certificate request. If the
private key does not already exist, and the appropriate parameters are entered, the key will be gen-
erated at the same time.
To generate a certificate request, enter the command:
creq new
To generate a private key and a certificate request, enter the command:
creq new
The parameters and values are:
Parameter
Values
Equivalent Web Parameter
-b
number
New Key Size
-k
text
Private key filename
-o
text
Certificate request filename
For example, to generate a certificate request file called “request.pem” from a private key called
“priv001.pem”, enter:
creq new -kpriv001.pem -o request.pem
To generate a 512 bit private key called “private.pem”, and generate a certificate request called “cer-
treq.pem” using that file, enter:
creq new -b512 -kprivate.pem -ocertreq.pem
Private key fi les - Splitting Certifi cates
For increased security there is the option of splitting the private key file between the Westermo
flash and a USB memory stick. Once a private key has been split and stored in 2 parts, the USB
memory stick must be present for any successful IKE negotiations that involve the private key. As
the USB memory only contains a part of the private key, it cannot be used in another unit.
The command to split a private key is:
privsplit