Note: Key and certificate file names cannot contain spaces and must be compatible with your workstation's operating system. When prompted to either name a key or certificate file or check the name of a key or certificate file, please ensure the names follow these conventions.

Generating Certificates

Note: The openssl_config.txt file must be in the current working directory. If it is not, you must specify the path to the file. For Windows NT and Windows 2000, the current default working directory is Program Files \SonicWALL Corporation \SonicWALL Configuration Manager, and openssl_config.txt is located there by default.

For Linux, the current working directory is the directory from which you executed OpenSSL. However, the openssl_config.txt file is located in the /etc directory of the root. When you see the openssl_config.txt file name in a listing, you must add "/etc/" before entering it.

To create an unencrypted private key and generate a certificate request from it, enter the following command lines at the prompt:

genrsa -out key.pem 1024
req -new -key key.pem -out req.pem -config openssl_config.txt

The second command must be entered on one line.
To create a self-signed root certificate valid for 30 days, enter the following commands:

genrsa -out key.pem 1024
req -new -x509 -out cert.pem -key key.pem -config openssl_config.txt

The second command must be entered on one line.
You will be prompted for additional information with each of these commands.