Generating device keys, Generating csrs – Cobalt Co9992-4ENC-4K-HEVC Software-Defined Broadcast Encoder User Manual
Generating RSA private key, 2048 bit long modulus (2 primes)
...........................+++++
...+++++
e is 65537 (0x010001)
Enter pass phrase for CA_KEY.PEM:
(password is entered here)
Verifying - Enter pass phrase for CA_KEY.PEM:
(password is entered here)
The program will ask for a passphrase (password) for the key. Enter at least 4 characters and
make a note of it, because this password will be needed for signing certificates.
The next step is to generate the CA Certificate from the key. One important parameter is how
long the certificate validity will be. In this example, the certificate will be written to
CA_CERT.PEM, and the certificate validity will be set to 3650 days (10 years):
openssl req -x509 -new -nodes -key CA_KEY.PEM -sha256 -days 3650 -out CA_CERT.PEM
Enter pass phrase for CA_KEY.PEM:
(password is entered here)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
US
State or Province Name (full name) [Some-State]:
Illinois
Locality Name (eg, city) []:
Champaign
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Cobalt Digital
Organizational Unit Name (eg, section) []:
Compression
Common Name (e.g. server FQDN or YOUR name) []:
CA-SERVER
Email Address []:
You can fill the fields as you wish but do not leave the Common Name blank. The Email
Address field can be left blank.
If you intend to use this as the CA for Cobalt devices, upload the CA_CERT.PEM file using the
procedure illustrated in Figure 9.
Generating Device Keys
The following command generates an RSA key and writes it to RSA_KEY.PEM:
openssl genrsa -out RSA_KEY.PEM 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
........+++++
...........+++++
e is 65537 (0x010001)
The following command generates an ECDSA key and writes it to
ECDSA_KEY.PEM:
openssl ecparam -name secp521r1 -genkey -param_enc explicit -out ECDSA_KEY.PEM
(No output is generated in the terminal.)
Generating CSRs
In order to have certificates signed by your CA, you will need to generate a CSR for each key.
The CSR generation procedure is the same for RSA and ECDSA keys. In the example below,
we are generating a CSR for the key in RSA_KEY.PEM and writing it to RSA_CERT.CSR:
openssl req -new -key RSA_KEY.PEM -out RSA_CERT.CSR
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
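Before a CSR is handed to the CA for signing, it is worth confirming that it was built from the intended device key. The script below is an added example, not part of the Cobalt manual or its tooling: the function names are hypothetical, and treating a blank Common Name as an error is an assumption carried over from the CA certificate step above.

```shell
#!/bin/sh
# Added example: pre-submission checks for a CSR. File names follow the manual;
# the function names are hypothetical and not part of any Cobalt tooling.

# Succeeds if the public key embedded in CSR $1 belongs to private key $2.
# Returns 2 if either file cannot be parsed.
csr_matches_key() {
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    csr_pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$csr_pub" ]
}

# Succeeds if the CSR's self-signature verifies. The exit status of
# "openssl req -verify" differs between releases, so match the message instead.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# Succeeds if the subject carries a non-empty Common Name (assumed requirement).
csr_has_cn() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
        grep -Eq '(=|,)CN=[^,]'
}

# Run all three checks; report the first failure on stderr and return non-zero.
check_csr() {
    csr_signature_ok "$1" || { echo "$1: self-signature does not verify" >&2; return 1; }
    csr_matches_key "$1" "$2" || { echo "$1: public key does not match $2" >&2; return 1; }
    csr_has_cn "$1" || { echo "$1: Common Name is blank" >&2; return 1; }
    echo "$1: OK"
}

# Usage: check_csr RSA_CERT.CSR RSA_KEY.PEM
```

The same call applies to the ECDSA key once its CSR has been generated, since the checks do not depend on the key type.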