Chapter 4—Configuring the Library Configuring Optional Library Settings
August 2017 User Guide—Spectra T50e Library
121
CONFIGURING OPTIONAL LIBRARY SETTINGS
Thissectiondescribesoptionalconfigurationsettingsthatyoumayselect
touseforyourlibraryandoperatingenvironment.Ifyoumakechangesto
thesesettings,besuretomanuallybackupthelibraryconfigurationwhen
youarefinished(seeBackUptheLibraryConfigurationManuallyon
page116).
Install a Security Certificate and Authentication Key
IfyouenabledSSL(seeEnableSSLonpage108),usethefollowingstepsto
obtainandinstallasecuritycertificateandprivatekey.
1. Obtainasecuritycertificateandprivatekeyusingoneofthefollowing
methods:
Create a Self-Signed Certificate
Forexample,tocreateaself‐signedcertificateandauthentication
keyusingopenssl,usethefollowingcommand.
openssl req -x509 -nodes -days 365
-newkey rsa:2048 -keyout ssl.key -out ssl.crt
Theopenssl reqcommandisacertificaterequestandcertificate
generatingutility.Thefollowingparametersareusedinthe
example:
-x509‐Thisoptionoutputsaselfsignedcertificateinsteadofa
certificaterequest.
‐nodes‐Thisoptionspecifiesthattheprivatekeynotbe
encrypted.
-days n‐Whenthe-x509 optionisalsoused,thisoption
specifiesthenumberofdays(n)thatthecertificateisvalid.
-newkey rsa:nbits‐GeneratesanRSAkeynbitsinsize.The
LibrarysupportsRSAkeysinbitsof512,768,1024and2048.
-keyout filename ‐Thisoptionspecifiestheprivatekeyfile
name.
-out filename‐Thisoptionspecifiesthecertificatefilename.
The ssl.crt and ssl.key files can only contain ONE certification or key. The BlueScale
software does not support multiple keys (chaining keys) in the key or certificate
files. If there are multiple keys in the files, they are all considered invalid.
When generating a self signed certificate using openssl, use the -x509 command
line option. Loading a file without this option may cause the LCM to hang.
When generating a self signed certificate or a certificate signing request using
openssl, use the -nodes command line option to prevent the key from being
encrypted.
To Next Page
Loading...
