Example: Using the OpenSSL encryption library
This example shows the steps to configure CM to listen for SSL connection using the OpenSSL encryption library.
About this task
Use the openssl utility of your OpenSSL installation.
Procedure
-
Create a private key for the self-signed certificate:
$ openssl genrsa -out cm1key.pem
Create the self-signed certificate using the private key$ openssl req -new -x509 -key cm1key.pem -subj "CN=`hostname`" -days 3650 -out cm1cert.pem
Put the private key and the self-signed certificate into a single PEM file$ cat cm1key.pem cm1cert.pem > filewithcertificatetoimport.pem
-
Create the keystore file to contain the private key and certificate that are contained in a PEM
file:
$ openssl pkcs12 -export -in filewithcertificatetoimport.pem -name cm1ListeningCert -passout pass:test -out cm1.p12
-
Create the stash file to contain the encrypted keystore password:
onkstash cm1.p12 test
-
In cm1's config file set "SSL_LABEL" to the certificate's label:
SSL_LABEL cm1ListeningCert