Creating Self-Signed SSL Certificate
APTARE recommends using OpenSSL open source software to create your self-signed certificate. For more information on OpenSSL, visit www.openssl.org. The following is an example using the Linux operating system.
You can create a self-signed certificate with multiple options depending on how you want to configure your certificate. APTARE recommends the following OpenSSL command to create a self-signed certificate. The command creates two files: server.key and server.crt. You must install these files on the StorageConsole web server.
openssl req -x509 -days 365 -sha1 -newkey rsa:1024 -nodes
-keyout server.key -out server.crt
-subj '/O=<CompanyName>/OU=<Department>/CN=<CommonName>'
where
-x509 is used to create a certificate as opposed to a certificate request that is sent to a certificate authority
-days determines the number of days that the certificate is valid
-sha1 specifies the type of encryption to be used
-newkey rsa:1024 sets the key as 1024-bit RSA
-nodes specifies that no passkey will be used
-keyout specifies the name of the key file
-out specified the name of the certificate file
<CompanyName> is the name of your company
<Department> is the name of your department
<CommonName> is the URL of the site that the certificate will be installed at. This may be the full URL, such as "aptareportal.site.com", or a partial URL, such as "*.site.com". APTARE, Inc. recommends using the latter; the latter must be used if the certificate is to be used when accessing the Portal and Data Collection.
Example:
openssl req -x509 -days 365 -sha1 -newkey rsa:1024 -nodes
-keyout server.key -out server.crt
-subj '/O=ABC Company/OU=IT/CN=*.abc.com'
Note: The use of the -nodes option in the previous comment creates a certificate that does not require a pass phrase. This makes it easier to install and use the certificate but weakens the security of the certificate. If the certificate is created with a pass phrase, it must be entered when the certificate is installed and used.
For more information on creating self-signed certificates using OpenSSL, refer to the FAQs and documentation on the OpenSSL site at www.openssl.org.
OpenSSL may also be used with the Windows operating system. Check the OpenSSL website for specific instructions. Note that the certificate is independent of the operating system under which it was created. A self-signed certificate created on a Linux computer may be installed on a Windows web server.