To create a self-signed certificate, complete do the following steps:
Step 1: Create a CA certs. By default, the certificate will remain valid for a period of one month.certificate:
openssl req -nodes -new -newkey rsa:2048 -x509 -keyout CA.key -out CA.cert -subj "/C=IN/ST=KA/L=Bglr/O=Infoblox/OU=Cloud/CN=*"
Or, the number of days By default, the certificate will remain valid can be modified by adding a flag possessing a specified time period to the OpenSSL commandfor one month. To modify this period, add the -days flag. In the example below, we have added the -days 365 flag to change the period of time the certificate will remain valid from the default value to a period of one year.the flag specifies the period as one year:
openssl req -nodes -new -days 365 -newkey rsa:2048 -x509 -keyout CA.key -out CA.cert -subj "/C=IN/ST=KA/L=Bglr/O=Infoblox/OU=Cloud/CN=*"
Step 2: Create Key Create a key and CSR.:
openssl req -batch -new -newkey rsa:2048 -nodes -keyout server.key -out rpz.csr -subj "/C=IN/ST=KA/L=Bglr/O=Infoblox/OU=SAAS/CN=*"
Step 3: Create Server cert by signing using CA certs. The certificate is good for 1 month by default. Create a server certificate, and sign it with the CA certificate you created in step 1:
openssl x509 -in rpz.csr -out server.cert -CAkey CA.key -CA CA.cert -req -CAcreateserial
OrBy default, the the number of days the certificate will remain valid can be modified by adding a defined time period to the OpenSSL commandserver certificate is good for one month. To modify this period, add the -days flag. In the example below we're adding , the flag -days 365 to the command which will change the time period from its default value to a time period of one year. specifies the period as one year:
openssl x509 -in rpz.csr -out server.cert -CAkey CA.key -CA CA.cert -req -CAcreateserial -days 365
Step 4: Combine cert and key to single Combine the server certificate and the key into a single .pem file to upload be uploaded in the UI.:
cat server.cert server.key > server.pem
Step 5: Use Use CA.cert in the NIOS appliance to configure Secure the secure TCP.
- For information on configuring RPZ logs in NIOS, see /wiki/spaces/nios84/pages/44540236see Managing RPZs.
- For information on SCP Credentials credentials for transferring DNS query logs transfer, see /wiki/spaces/nios84/pages/44506297, see Capturing DNS Queries and Responses.