WatchGuard Technologies SSL VPN Water Heater User Manual


 
154 Firebox SSL VPN Gateway
12 Click Next to start the installation.
After Cygwin installs, you can generate the CSR.
These instructions to generate a CSR assume that you are using the Cygwin UNIX environment installed
as described in “To install Cygwin” on page 153.
To generate a CSR using the Cygwin UNIX environment
1 Double-click the Cygwin icon on the desktop.
A command window opens with a UNIX bash environment.
2 To change to a particular drive, use the command: cd driveLetter:
3 At the $ prompt, type the following to generate a CSR:
openssl req -new -nodes -keyout privateKeyFilename -out certRequestFilename
For example:
openssl req -new -nodes -keyout private.key -out public.csr
Status messages about the private key generation appear. You are prompted for information such
as country name.
4 When prompted for the Common name, enter the DNS name of the Firebox SSL VPN Gateway.
The name that you enter appears on the certificate and must match the name expected by
computers that connect to the Firebox SSL VPN Gateway. Thus, if you alias DNS names, you need to
use the alias name instead.
5 Submit your CSR (public.csr) to an authorized Certificate Authority such as Verisign. When asked for
the type of server that the certificate will be used with, select Apache.
Note
If you select “Microsoft,” the certificate might be in PKCS7 format and you will need to follow the
procedure in “Converting to a PEM-Formatted Certificate” on page 155 to convert the certificate to a
PEM format.
Unencrypting the Private Key
The following procedure is not needed if you use the Cygwin UNIX environment to generate the CSR
and private key. Follow this procedure only if the method you use to generate the private key results in
an encrypted key.
To unencrypt the private key
1 At the $ prompt enter the command: openssl rsa
If you enter this command without arguments, you are prompted as follows:
read RSA key
2 Enter the name of the password to be encrypted.
You can enter the openssl rsa command with arguments if you know the name of the private key
and the unencrypted PEM file.
For example, if the private key filename is my_keytag_key.pvk and the unencrypted filename is
keyout.pem, enter openssl rsa -in my_keytag_key.pvk -out keyout.pem.
For more information, see the OpenSSL Web site at http://www.openssl.org/docs/apps/rsa.html#EXAMPLES.
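Added example (not part of the WatchGuard manual): a bash script for the Cygwin prompt that checks a CSR and private key before the CSR is submitted. It confirms that the Common Name matches the gateway's DNS name, that the key is unencrypted, and that the key pairs with the CSR. The host name vpn.example.com, the file and function names, and the -subj and -newkey rsa:2048 options are assumptions added here.

```shell
#!/usr/bin/env bash
# Added example: pre-submission checks for the CSR and private key.
# vpn.example.com and all file names below are constructed placeholders.

# Generate key + CSR non-interactively. -subj and -newkey rsa:2048 are
# additions to the manual's command; umask keeps the unencrypted key
# (-nodes) readable only by its owner.
gen_csr() {  # gen_csr <dns-name> <key-file> <csr-file>
  ( umask 077
    openssl req -new -nodes -newkey rsa:2048 -subj "/CN=$1" \
      -keyout "$2" -out "$3" 2>/dev/null )
}

# Print the Common Name stored in a CSR.
csr_cn() {
  openssl req -in "$1" -noout -subject -nameopt multiline |
    sed -n 's/^ *commonName *= *//p'
}

# Succeed if the PEM key is passphrase-protected (PKCS#8 or traditional header).
key_is_encrypted() {
  grep -Eq '^(-----BEGIN ENCRYPTED PRIVATE KEY-----|Proc-Type: 4,ENCRYPTED)' "$1"
}

# Succeed if the key's public half equals the public key inside the CSR.
key_matches_csr() {  # key_matches_csr <key-file> <csr-file>
  [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" = \
    "$(openssl req -in "$2" -noout -pubkey 2>/dev/null)" ]
}

# Run all three checks against the name clients will connect to.
check_csr() {  # check_csr <expected-dns-name> <key-file> <csr-file>
  [ "$(csr_cn "$3")" = "$1" ] || { echo "CN mismatch: $(csr_cn "$3")"; return 1; }
  key_is_encrypted "$2" && { echo "key is encrypted; unencrypt it first"; return 1; }
  key_matches_csr "$2" "$3" || { echo "key does not match CSR"; return 1; }
  echo "OK: $3 is for $1 and pairs with $2"
}

# Demo in a scratch directory.
demo_dir=$(mktemp -d)
gen_csr vpn.example.com "$demo_dir/private.key" "$demo_dir/public.csr"
check_csr vpn.example.com "$demo_dir/private.key" "$demo_dir/public.csr"
rm -rf "$demo_dir"
```

If check_csr reports an encrypted key, run the openssl rsa command from "To unencrypt the private key" and check the resulting file again.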