General Information
This guide will show you how to generate a self-signed certificate with openssl and how to correctly enable HTTPS with your beroNet Gateway.
In this example I will use a UNIX system, but you can use any supported system.
...
First you will need to generate the private key for your CA (Certification Authority or Zertifizierungsstelle). You will sign the certificates with this key later.
...
Info |
---|
Recommended: Copy the commands and change the values accordingly in a text editor or in the command line. |
Code Block |
---|
openssl req -new -nodes -newkey rsa:20481024 -keyout beronet.key -out beronet.req -batch -subj "/C=DE/ST=Berlin/L=Berlin/O=beroNet CA/OU=beroNet/CN=172.20.30.121" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=IP:172.20.30.121")) |
openssl req -new -nodes -newkey rsa:20481024 \
-keyout beronet.key -out beronet.req \
-batch -subj "/C=DE/ST=Berlin/L=Berlin/O=beroNet CA/OU=beroNet/CN=172.20.30.121" \
-reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=IP:172.20.30.121"))
1.3 Sign the Certificate With the CA (beronet.crt)
...
openssl x509 -req -in beronet.req -CA root.crt -CAkey root.key -CAcreateserial -out beronet.crt -days 365 -sha256 -extfile <(printf "subjectAltName=IP:172.20.30.121")
This certificate will be valid for one year. If you want to increase the time, change the value for the parameter -days.
...