Generating a CA signed SSL certificate
This procedure assumes:
To generate the CA signed SSL certificate
1. At the Windows command prompt, go to the OpenSSL bin directory. If you installed to the default location this will be the following command:
cd c:\OpenSSL-Win32\bin
2. Enter the following command to generate the private key. You will be prompted to enter your PEM pass phrase. Choose something easy to remember such as fortinet.
openssl genrsa -des3 -out fgtssl.key 2048
This command generates an RSA DES3 2038-bit encryption key.
3. Create a certificate signing request for the SSL certificate. This step requires you to enter the information listed in step 3 of the previous example —
“To generate the private key and certificate”. You can leave the Challenge Password blank.
openssl req -new -key fgtssl.key -out fgtssl.csr
openssl x509 -req -days 365 -in fgtssl.csr -CA fgtca.crt -CAkey fgtcapriv.key -set_serial 01 -out fgtssl.crt
This will generate an X.509 certificate good for 365 days signed by the CA certificate fgtca.crt.