Appendix C. Getting started with SSL certiîš´cates
This topic provides a beginner-level description of the process for obtaining SSL certiîš´cates so you can
implement secure communications (HTTPS) on your tape library.
To summarize the process, you will:
1. Install OpenSSL, if it’s not already installed.
2. Generate a private key. A private key is used to create a digital signature for the library web server. This
îš´le should be kept secure, as anyone with access to it may be able to gain access to the web server.
3. Generate a certiîš´cate. The certiîš´cate includes a public key that works together with your private key.
Depending on your security requirements, you can generate either:
• A certicate signing request (CSR), which is a certicate in a format that can be sent to a CA
(certiîš´cate authority) for signing.
• A self-signed certicate.
4. Create a certiîš´cate package.
5. Upload the certiîš´cate package to the tape library.
Examples of the most common OpenSSL command options are provided here. Refer to the OpenSSL
command help for additional options.
Working with OpenSSL
OpenSSL is an open-source software library that is widely used to generate and manage certiîš´cates.
OpenSSL is recommended to ensure compatibility with development and support.
Installing OpenSSL
The installation procedure depends on your operating system:
• Windows users – There are several versions of OpenSSL for Windows. One such product is Win32
OpenSSL. Additional options can be found in the OpenSSL Binaries wiki. When installing, accept the
default installation settings.
• Linux users – Refer to the OpenSSL Downloads page for the latest version.
Conîš´guring OpenSSL
OpenSSL requires a master conîš´guration îš´le (openssl.cnf) to generate a certiîš´cate. If this îš´le is not
included in your installation, you will receive an error message that mentions openssl.cnf. Follow these
steps to add the îš´le:
1. Obtain a conguration le. If you don’t have one locally, MIT (Massachusetts Institute of Technology)
provides a generic conguration le that you can use. You don’t need to make any changes to the le
at this time. After you become more familiar with OpenSSL, you may want to customize some of the
settings.
2. Save the îš´le to your computer in the following directory:
Windows
C:\Program Files (x86)\Common Files\SSL\
Linux
/etc/pki/tls/
IBM Conîš´dential
©
Copyright IBM Corp. 2017, 2023 185
To Next Page
Loading...
Need help?
General
