The SSL-enabled services are compiled with -DWITH_OPENSSL -DWITH_GZIP and
linked with -lgsoapssl -lssl -lcrypto -lz

How to generate a self-signed root certificate and the client.pem/server.pem
key files with certificates signed by the root CA, for deployment in clients
and servers:

Create a 'CA' directory and copy openssl.cnf, root.sh, and cert.sh to this
dir.

Change dir to 'CA'.

Modify the openssl.cnf file in the [req_distinguished_name] section for the
following items:

[ req_distinguished_name ]
countryName_default             = US
stateOrProvinceName_default     = Your-State
localityName_default            = Your-City
0.organizationName_default      = Your-Company-Name
emailAddress_default            = your-email@address

If you are going to use these settings often, add this line to your .cshrc:
setenv OPENSSL_CONF $HOME/CA/openssl.cnf

To generate the root CA:

./root.sh

When prompted, choose a passphrase to protect the CA's private key that you
are about to generate. You need the passphrase again when you sign
certificates with the CA's private key.

Save the root.pem key and the passphrase in a safe place (don't distribute!).

You now have the root.pem with the CA's keys and the cacert.pem certificate
of the CA (for distribution).

The root.pem and cacert.pem are valid for three years. Don't repeat this step
until the certificate expires.

Next, we will generate the server.pem key file:

./cert.sh server

Enter a password when prompted and enter the host or simply "localhost" for
the domain of the server application. The password is used to lock the private
key of the server and will therefore be needed by your server application to
unlock the private key in the server.pem when needed for secure
communications. Use the root CA passphrase when prompted to sign the server
certificate.

When applicable, repeat the procedure for the client (use a fresh password and
select a host for the client application):

./cert.sh client

The client.pem and server.pem keys are valid for one year. Do not distribute
them (they include the private key, which is encrypted with the passwords
you selected, which is not very secure). They are used only locally by the SSL
application. Only distribute the CA certificate.

Required files in $HOME/CA directory:

openssl.cnf
root.sh
cert.sh

Files generated:

cacert.pem      root's certificate for distribution, to verify authentication
root.pem        root CA (to sign client/server key files, do not distribute!)
rootkey.pem     private key (do not distribute!)
rootreq.pem     sign request
root.srl        serial number

client.pem      client key file (do not distribute)
clientkey.pem   private key (do not distribute)
clientreq.pem   sign request

server.pem      server key (private key and certificate, do not distribute)
serverkey.pem   private key (do not distribute)
serverreq.pem   sign request

To print the contents of a PEM file:

openssl x509 -text -in file.pem
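
Beyond printing a PEM file, a generated key file can be checked against cacert.pem before it is deployed. The script below is an added example, not part of gSOAP or of this README: make_demo_pki and check_keyfile are hypothetical names, and the openssl commands in make_demo_pki are assumed stand-ins that build constructed test data, since the contents of root.sh and cert.sh are not shown here.

```shell
#!/bin/sh
# Added example: check a key file such as server.pem against cacert.pem.

# Build throwaway, constructed inputs. These commands are an assumption and
# are NOT the contents of gSOAP's root.sh / cert.sh.
make_demo_pki() {  # $1 = output dir, $2 = key password (constructed)
    d=$1; pw=$2
    # Self-signed root CA, valid three years as in the README.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1095 \
        -subj "/CN=Demo Root CA" \
        -keyout "$d/rootkey.pem" -out "$d/cacert.pem" 2>/dev/null || return 1
    # Password-protected server key plus its signing request.
    openssl req -newkey rsa:2048 -passout "pass:$pw" -subj "/CN=localhost" \
        -keyout "$d/serverkey.pem" -out "$d/serverreq.pem" 2>/dev/null || return 1
    # Sign with the CA for one year, then bundle key and certificate.
    openssl x509 -req -in "$d/serverreq.pem" -days 365 -CAcreateserial \
        -CA "$d/cacert.pem" -CAkey "$d/rootkey.pem" \
        -out "$d/servercert.pem" 2>/dev/null || return 1
    cat "$d/serverkey.pem" "$d/servercert.pem" > "$d/server.pem"
}

# Prints ok, chain, key, mismatch or expiring; returns non-zero unless ok.
check_keyfile() {  # $1 = CA certificate, $2 = key file, $3 = key password
    ca=$1; pem=$2; pw=$3
    # Pull out the certificate block so the encrypted key is never parsed here.
    cert=$(sed -n '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' "$pem")
    # 1. The certificate must chain to the CA certificate that was distributed.
    printf '%s\n' "$cert" | openssl verify -CAfile "$ca" >/dev/null 2>&1 \
        || { echo chain; return 1; }
    # 2. The password must unlock the private key ...
    keypub=$(openssl pkey -in "$pem" -passin "pass:$pw" -pubout 2>/dev/null) \
        || { echo key; return 1; }
    # ... and that key must be the one the certificate was issued for.
    certpub=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey 2>/dev/null) \
        || { echo mismatch; return 1; }
    [ "$certpub" = "$keypub" ] || { echo mismatch; return 1; }
    # 3. One-year certificates lapse quietly: flag anything within 30 days.
    printf '%s\n' "$cert" | openssl x509 -noout -checkend 2592000 >/dev/null \
        || { echo expiring; return 1; }
    echo ok
}

# Demo run on constructed data.
demo=$(mktemp -d)
make_demo_pki "$demo" "demo-pass" &&
    check_keyfile "$demo/cacert.pem" "$demo/server.pem" "demo-pass"
rm -rf "$demo"
```

Run against real output, the call would be check_keyfile cacert.pem server.pem with the password chosen at the cert.sh prompt; passing that password on the command line exposes it to other local users, so prefer reading it from a protected file or environment variable in practice.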