55.2. Certificate for the Lancom device

  1. Download the "Tool to create certificates" (makecert) from the Intra2net system under Information > Download, and unpack it into a directory on your computer.

  2. Lancom routers cannot create their own certificates, so this is done with makecacert on a PC. Start the makecacert.bat batch file:

    C:\makecert>makecacert
    
    C:\makecert>openssl req -x509 -newkey rsa:2048 -days 730 -new -nodes -config 
    openssl.cnf -outform PEM -keyform PEM -keyout privatekey.pem -out newcert.cer
    Using configuration from openssl.cnf
    Loading 'screen' into random state - done
    Generating a 2048 bit RSA private key
    ........................+++
    ...............................................................+++
    writing new private key to 'privatekey.pem'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.

  3. Now enter the router data. For some fields there is a default value in square brackets. If you want to use it, just press Return. Do not use umlauts or other special characters, as otherwise problems may occur. The "common name" (or "computer name" on the Intra2net system) must be unique and must not be reused for other clients or for a CA.

    Tip

    It is recommended to enter as little data as possible here (e.g. only the common name), as the same values must be entered again identically when configuring the connection.

    Country Name (2 letter code) []:
    State or Province Name (full name) []:
    Locality Name (eg, city) []:
    Organization Name (eg, company) []:
    Organizational Unit Name (eg, section) []:
    Common Name (eg, your name or your server's hostname) []:lancom
    Email Address []:
    
    C:\makecert>openssl pkcs12 -export -in newcert.cer -inkey privatekey.pem 
    -out newcert.p12
    Loading 'screen' into random state - done

  4. Select an export password that protects the key file on the way to the router. The password must be at least 3 characters long.

    Enter Export Password:
    Verifying password - Enter Export Password:
    
    C:\makecert>del privatekey.pem

  5. Start the LANconfig program to configure the router. The router must be recognized by LANconfig.

  6. Open the context menu "Configuration Management" and then the submenu "Upload Certificate or File".

  7. Select the newkey.p12 file you just created with the makecacert program. Set the certificate type to "VPN - Container as PKCS#12 file" and enter the export password previously specified.

  8. Open the certificate file (newkey_cert.cer) with a text editor (e.g. Wordpad) and copy the entire contents of the file to the clipboard. In the Intra2net system open the menu System > Keys > Foreign keys and create a new key. Enter a name for the key (e.g. the name of the router) and then paste the certificate data from the clipboard into the field "Copy & paste certificate".
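
Before the upload in steps 6 to 8, the generated files can be checked against each other. The following is an added example, not part of the Intra2net tool or the original page: it assumes a POSIX shell with openssl on the PATH, takes the file names as arguments, and reads the export password from an environment variable P12_PASS; the names check_bundle, cert_cn, fp, make_sample and P12_PASS are chosen here.

```shell
#!/bin/sh
# Added example. Export password comes from $P12_PASS (name chosen here)
# so that it does not show up on a command line.

# Subject common name of the PEM certificate in file $1.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# SHA-256 fingerprint of the PEM certificate on stdin.
fp() { openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2; }

# check_bundle CERT P12 EXPECTED_CN [KEYFILE]
check_bundle() {
    cert=$1; p12=$2; want_cn=$3; keyfile=${4:-privatekey.pem}
    [ "$(cert_cn "$cert")" = "$want_cn" ] ||
        { echo "FAIL: common name is not $want_cn"; return 1; }
    # The certificate in the container must be the one pasted in step 8.
    a=$(fp < "$cert")
    b=$(openssl pkcs12 -in "$p12" -nokeys -passin env:P12_PASS 2>/dev/null | fp)
    [ -n "$a" ] && [ "$a" = "$b" ] ||
        { echo "FAIL: container certificate differs from $cert"; return 1; }
    # The private key in the container must belong to that certificate.
    k1=$(openssl x509 -in "$cert" -noout -pubkey)
    k2=$(openssl pkcs12 -in "$p12" -nocerts -nodes -passin env:P12_PASS \
            2>/dev/null | openssl pkey -pubout 2>/dev/null)
    [ -n "$k1" ] && [ "$k1" = "$k2" ] ||
        { echo "FAIL: container key does not match certificate"; return 1; }
    # Step 4 deletes the unencrypted key; flag it if it is still on disk.
    [ ! -e "$keyfile" ] ||
        { echo "FAIL: unencrypted $keyfile still on disk"; return 1; }
    echo "OK: CN=$want_cn sha256=$a"
}

# Constructed sample: the page's two openssl commands, run
# non-interactively in directory $1 with a throwaway key.
make_sample() {
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -days 730 -nodes -subj "/CN=lancom" \
          -keyout privatekey.pem -out newcert.cer 2>/dev/null &&
      openssl pkcs12 -export -in newcert.cer -inkey privatekey.pem \
          -out newcert.p12 -passout env:P12_PASS )
}
```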