xp_newbie@yahoo.com
11-27-07, 01:29 PM
In my search for avoiding the expense of buying a certificate only to
authenticate myself to myself (LOL), I found this posting by David
Kelly which was never answered:
http://tinyurl.com/3dfxhl
or (concatenate lines to get a usable URL):
http://groups.google.com/group/comp.dcom.vpn/browse_frm/thread/
198b9f00e07639b5/1bcae057985d5852?
hl=en&lnk=st&q=certificate+netgear+VPN#1bcae057985d5852
For the benefit of all I am posting here the answers I found so far on
the web:
The NETGEAR manuals themselves say:
"To generate self-signed credentials, the open source applications ssh-
keygen and openssl can be used to create the seven files used to form
the security certificates and authentication keys. Both of these
applications are well documented by the open source community."
FYI, any respectable Linux distro includes the utilities ssh-keygen
and ssh-keygen.
More detailed instructions can be found in the following blog:
http://tinyurl.com/28rxvl
or
http://blog.taragana.com/index.php/archive/openssl-how-to-create-self-signed-certificate/
A very concise summary of the above:
(1) First you need to create a private key (in the file ca.key) which
will be used to generate the CSR or self-signed certificate:
openssl req -new -key ca.key -out ca.csr
This creates a CSR file named ca.csr using the ca.key key file. You
can submit this file to a certification authority. However, the NETGEAR
FVS328 itself can generate this file for submission, thus we haven't
gained much using this step. The next one is what I was looking for:
(2) You can create a self-signed certificate for your own servers
using the procedure below:
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
Notes:
1. Replace 365 with the number of days you want the certificate to be
valid.
2. You must first create a CSR (see above) before you run this command.
HTH someone :-)
Alex
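
Step (1) above mentions creating ca.key but gives no command for it. The following is an added example (not from the post, the NETGEAR manual or the linked blog) that runs the whole sequence, including an `openssl genrsa` key-generation step, then checks that the result is self-signed, matches ca.key and expires after the requested number of days. The function names, the 2048-bit key size and the subject `/CN=fvs328.example.test` are assumptions.

```sh
#!/bin/sh
# Added example. ca.key / ca.csr / ca.crt are the post's file names; the
# function names, 2048-bit key size and subject string are assumptions.

# make_self_signed DIR DAYS SUBJECT
make_self_signed() {
    dir=$1; days=$2; subj=$3
    # Key generation, the step the post mentions but gives no command for.
    # umask 077 keeps the private key unreadable to other local users.
    ( umask 077; openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null ) || return 1
    # Step (1): CSR from the key. -subj supplies the name non-interactively.
    openssl req -new -key "$dir/ca.key" -subj "$subj" -out "$dir/ca.csr" || return 1
    # Step (2): sign the CSR with the same key, giving a self-signed certificate.
    openssl x509 -req -days "$days" -in "$dir/ca.csr" -signkey "$dir/ca.key" \
        -out "$dir/ca.crt" 2>/dev/null || return 1
}

# check_self_signed DIR DAYS: prints "ok" only if every check passes.
check_self_signed() {
    dir=$1; days=$2; crt=$dir/ca.crt
    # Self-signed means issuer and subject are the same name.
    subject=$(openssl x509 -in "$crt" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$crt" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subject" ] && [ "$subject" = "$issuer" ] || { echo "issuer differs from subject"; return 1; }
    # The public key in the certificate must be the one derived from ca.key.
    [ "$(openssl x509 -in "$crt" -noout -pubkey)" = "$(openssl pkey -in "$dir/ca.key" -pubout)" ] \
        || { echo "certificate does not match ca.key"; return 1; }
    # Lifetime follows -days: valid an hour before the limit, expired an hour after.
    openssl x509 -in "$crt" -noout -checkend $((days * 86400 - 3600)) >/dev/null \
        || { echo "expires earlier than requested"; return 1; }
    if openssl x509 -in "$crt" -noout -checkend $((days * 86400 + 3600)) >/dev/null; then
        echo "valid longer than requested"; return 1
    fi
    echo ok
}

# Demo run in a scratch directory with a constructed subject name.
demo_dir=$(mktemp -d)
make_self_signed "$demo_dir" 365 "/CN=fvs328.example.test" && check_self_signed "$demo_dir" 365
rm -rf "$demo_dir"
```

The key written here is unencrypted, so the file permissions are the only thing protecting it on disk.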