Certificate Generation Using OpenSSL Only
This section describes the process for generating a private key and certificate request for the Expressway using OpenSSL. This is a generic process that relies only on the free OpenSSL package and not on any other software. It is appropriate when certificates are required to interface with neighboring devices for test purposes, and provide output to interact with Certificate Authorities.
The output for the certificate request generation process is given to a Certificate Authority which may be internal or external to the organization, and which is used to produce the X.509 certificates required by the Expressway to authenticate itself with neighboring devices.
This section also briefly describes how OpenSSL is used to manage a private Certificate Authority, but does not intend to be comprehensive. Various components of these processes are used when interfacing with third party CAs.
OpenSSL and Mac OS X or Linux
OpenSSL is already installed on Mac OS X, and is usually installed on Linux.
OpenSSL and Windows
If you do not have OpenSSL already installed, this is available as a free download from http://www.openssl.org/related/binaries.html.
Choose the relevant 32 bit or 64 bit OpenSSL - the ‘Light’ version is all that is needed.
If you receive a warning while installing OpenSSL that C++ files cannot be found, load the "Visual C++ Redistributables" also available on this site and then re-load the OpenSSL software.