To create a self-signed certificate, complete the following steps:
Step 1: Create the CA key and certificate. By default, the certificate remains valid for one month.
openssl req -nodes -new -newkey rsa:2048 -x509 -keyout CA.key -out CA.cert -subj "/C=IN/ST=KA/L=Bglr/O=Infoblox/OU=Cloud/CN=*"
Alternatively, set the validity period explicitly by adding the -days flag to the OpenSSL command. The example below adds -days 365, which changes the validity period from the default to one year.
openssl req -nodes -new -days 365 -newkey rsa:2048 -x509 -keyout CA.key -out CA.cert -subj "/C=IN/ST=KA/L=Bglr/O=Infoblox/OU=Cloud/CN=*"
Step 2: Create the server key and CSR.
openssl req -batch -new -newkey rsa:2048 -nodes -keyout server.key -out rpz.csr -subj "/C=IN/ST=KA/L=Bglr/O=Infoblox/OU=SAAS/CN=*"
Step 3: Create the server certificate by signing the CSR with the CA key and certificate. By default, the certificate is valid for 1 month.
openssl x509 -in rpz.csr -out server.cert -CAkey CA.key -CA CA.cert -req -CAcreateserial
Alternatively, set the validity period explicitly by adding the -days flag to the OpenSSL command. The example below adds -days 365, which changes the validity period from the default to one year.
openssl x509 -in rpz.csr -out server.cert -CAkey CA.key -CA CA.cert -req -CAcreateserial -days 365
Step 4: Combine the certificate and key into a single PEM file to upload in the UI.
cat server.cert server.key > server.pem
Step 5: Use CA.cert in the NIOS appliance to configure Secure TCP.
- For information on configuring RPZ logs in NIOS, see /wiki/spaces/nios84/pages/44540236.
- For information on SCP Credentials for DNS query logs transfer, see /wiki/spaces/nios84/pages/44506297.
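The script below is an added example, not part of the original procedure: it runs the commands from steps 1 to 4 in a scratch directory and then checks that server.cert chains to CA.cert, that the certificate in server.pem matches server.key, and that the -days value took effect. The function names and the umask line are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: run steps 1-4 in a scratch directory, then check the
# resulting files before uploading server.pem and CA.cert.

# make_certs DIR [DAYS]: the openssl commands from steps 1-4, run inside DIR.
make_certs() {
    local dir=$1 days=${2:-365}
    (
        cd "$dir" || exit 1
        umask 077   # -nodes writes the keys unencrypted; keep files owner-only
        openssl req -nodes -new -days "$days" -newkey rsa:2048 -x509 \
            -keyout CA.key -out CA.cert \
            -subj "/C=IN/ST=KA/L=Bglr/O=Infoblox/OU=Cloud/CN=*" 2>/dev/null &&
        openssl req -batch -new -newkey rsa:2048 -nodes \
            -keyout server.key -out rpz.csr \
            -subj "/C=IN/ST=KA/L=Bglr/O=Infoblox/OU=SAAS/CN=*" 2>/dev/null &&
        openssl x509 -in rpz.csr -out server.cert -CAkey CA.key -CA CA.cert \
            -req -CAcreateserial -days "$days" 2>/dev/null &&
        cat server.cert server.key > server.pem
    )
}

# check_chain DIR: server.cert must verify against CA.cert.
check_chain() {
    openssl verify -CAfile "$1/CA.cert" "$1/server.cert" >/dev/null 2>&1
}

# check_keypair DIR: the certificate in server.pem must carry the public key
# that belongs to server.key (catches a cert/key mix-up before upload).
check_keypair() {
    local a b
    a=$(openssl x509 -in "$1/server.pem" -noout -pubkey) || return 1
    b=$(openssl pkey -in "$1/server.key" -pubout) || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# check_valid_for DIR DAYS: server.cert must still be valid DAYS days from now.
check_valid_for() {
    openssl x509 -in "$1/server.cert" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Demo run in a temporary directory (constructed for this example).
d=$(mktemp -d)
make_certs "$d" 365 && check_chain "$d" && check_keypair "$d" &&
    check_valid_for "$d" 364 && echo "server.pem and CA.cert in $d passed all checks"
```

If check_valid_for fails for a period shorter than the one you intended, the -days flag was most likely omitted in step 1 or step 3 and the default validity applied.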