|Managing the Node API|
About PEM Files: The PEM certificate format is commonly issued by Certificate Authorities. PEM certificates have extensions that include .pem, .crt, .cer, and .key, and are Base-64 encoded ASCII files containing "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" statements. Server certificates, intermediate certificates, and private keys can all be put into the PEM format.
To generate a new certificate, follow the instructions below.
$ openssl req -new -nodes -keyout my_key_name.key -out my_csr_name.csr
Generating a 1024 bit RSA private key ....................++++++ ................++++++ writing new private key to 'my_key_name.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [US]:Your_2_letter_ISO_country_code State or Province Name (full name) [Some-State]:Your_State_Province_or_County Locality Name (eg, city) :Your_City Organization Name (eg, company) [Internet Widgits Pty Ltd]:Your_Company Organizational Unit Name (eg, section) :Your_Department Common Name (i.e., your server's hostname) :secure.yourwebsite.com Email Address :email@example.com
You are also prompted to input "extra" attributes, including an optional challenge password.
... Please enter the following 'extra' attributes to be sent with your certificate request A challenge password : An optional company name :
After finalizing the attributes, the private key and CSR are saved to your root directory.
You may need to generate a self-signed certificate for the following reasons:
To generate a self-signed certificate through OpenSSL, run the following command:
openssl x509 -req -days 365 -in my_csr_name.csr -signkey my_key_name.key -out my_cert_name.crt
This creates a certificate that is valid for 365 days.
Individual certificate files:
Bundle of certificates:
For a certificate bundle, create a new file named aspera_server_cert.chain in the same directory as the .pem files. Copy and paste the root certificate into this file, followed by the bundle.
# /etc/init.d/asperanoded restart