Pandora: Documentation en: Tentacle: OpenSSLCertificates

From Pandora FMS Wiki
Jump to: navigation, search

1 OpenSSL Certificates Quick Guide

This is just a quick guide that will get you started with OpenSSL certificates. See http://www.openssl.org/docs/ for documentation.

1.1 Creating a Certificate

$ mkdir demoCA
$ mkdir demoCA/newcerts
$ mkdir demoCA/private

Create a self-signed CA certificate:

$ openssl req -new -x509 -keyout cakey.pem -out cacert.pem
$ mv cakey.pem demoCA/private/
$ mv cacert.pem demoCA/

Create a certificate request:

$ openssl req -new -keyout tentaclekey.pem -out tentaclereq.pem -days 360

Sign the certificate request:

$ cat tentaclereq.pem tentaclekey.pem > tentaclenew.pem
$ touch demoCA/index.txt
$ echo "01" >> demoCA/serial
$ openssl ca -out tentaclecert.pem -in tentaclenew.pem

1.2 Creating a Self-Signed Certificate

Simply run:

$ openssl req -new -x509 -keyout tentaclekey.pem -out tentaclecert.pem -days 360

1.3 Generating an RSA Private Key

This is very useful to avoid having to enter a password on the client side.

Generate the key:

$ openssl genrsa -out tentaclekey.pem

And substitude -keyout with -key on the steps above.