Open a terminal / command line and log in as the root user. Normally, this is done using the su command.

Enter the following command in one line:
openssl req -x509 -newkey rsa:2048 -days 730 -new -nodes -outform PEM -keyform PEM -keyout /etc/ipsec.d/private_key.pem -out /etc/ipsec.d/cert.pem

The key pair is calculated and the system will request the certificate data. The values you enter are not functionally relevant; they only have to be unique on all systems connected by VPN. We advise against using special characters such as accents or umlauts.
Generating a 2048 bit RSA private key
..................................................................
.....................................+++...+++
writing new private key to 'private_key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:DE
State or Province Name (full name) [Berkshire]:BW
Locality Name (eg, city) [Newbury]:Tuebingen
Organization Name (eg, company) [My Company Ltd]:Intra2net
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:MyComputerName
Email Address []:
The certificate is now valid for 2 years (730 days) and is located in the /etc/ipsec.d/cert.pem file. The private key is in the /etc/ipsec.d/private_key.pem file. To modify the validity period, use the -days parameter in the command line.

Open the /etc/ipsec.d/cert.pem file, copy the content to the clipboard and import it into the Intra2net system under System > Key > Foreign keys.

In the Intra2net system, navigate to System > Keys > Own Keys : Data. Select the appropriate certificate and export it to a file using the "" menu item. Save it to the Linux computer, e.g. to /etc/ipsec.d/intra2netserver.pem.
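A check worth running on the generated files before the certificate is imported, as an added example that is not part of the original manual: it confirms that certificate and key belong together, that the key written unencrypted by -nodes is accessible only to its owner, and how much validity remains. The temporary directory, the -subj value and the function names are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: sanity checks for a certificate/key pair made by "openssl req".
# Paths and subject values are constructed for the demo, not from a real system.

# Succeeds only if the certificate's public key matches the private key.
pair_matches() {  # $1 = cert.pem, $2 = private_key.pem
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if group and others have no permissions on the key file.
key_is_private() {  # $1 = private_key.pem
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# Succeeds if the certificate is still valid $2 days from now.
valid_for_days() {  # $1 = cert.pem, $2 = days
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Generate a throwaway pair with the same options as the manual's command;
# -subj supplies the DN non-interactively, umask keeps the key owner-only.
make_demo_pair() {  # $1 = directory, $2 = common name (constructed)
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -days 730 -new -nodes \
          -outform PEM -keyform PEM -subj "/C=DE/O=Example/CN=$2" \
          -keyout "$1/private_key.pem" -out "$1/cert.pem" 2>/dev/null )
}

demo() {
    dir=$(mktemp -d) || return 1
    make_demo_pair "$dir" "constructed-host-a" || return 1
    pair_matches "$dir/cert.pem" "$dir/private_key.pem" && echo "pair: match"
    key_is_private "$dir/private_key.pem" && echo "key: owner-only"
    valid_for_days "$dir/cert.pem" 700 && echo "validity: more than 700 days left"
    # The subject must be unique among all systems connected by VPN.
    openssl x509 -in "$dir/cert.pem" -noout -subject -enddate
    rm -rf "$dir"
}

demo
```

On the real files, call the three check functions with /etc/ipsec.d/cert.pem and /etc/ipsec.d/private_key.pem instead of the demo paths.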