CMTS info

Helpful Linux and DOCSIS/CMTS howtos and tips

Generating SSL Certificates

1) Configure openssl.cnf

Change the directories in openssl.cnf as needed and create them if they don't exist. Create index.txt (an empty file) and the serial files:

echo '01' > serial
echo '01' > crlnumber
2) Generate CA certificate and private key
openssl req -nodes -new -x509 -keyout ca.key -out ca.crt -days 3660 -newkey rsa:2048

Put the certificate and key in the directories specified in openssl.cnf.

If openssl.cnf has neither a [ server ] nor a [ client ] extension section, add the following:

[ server ]
basicConstraints       = CA:FALSE
nsCertType             = server
nsComment              = "OpenSSL Generated Server Certificate"
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid,issuer:always
extendedKeyUsage       = serverAuth
keyUsage               = digitalSignature, keyEncipherment


[ client ]
basicConstraints       = CA:FALSE
nsCertType             = client
nsComment              = "OpenSSL Generated Client Certificate"
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid,issuer:always
extendedKeyUsage       = clientAuth
keyUsage               = digitalSignature, keyEncipherment 
3) Generate user's private key and cert signing request
  openssl req -nodes -new -keyout mycert.key -out mycert.csr -newkey rsa:2048 [-extensions server] 
4) Sign cert signing request with your CA
  openssl ca  -in mycert.csr -out mycert.crt -days 3660 [-extensions server]
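5) Generate DH parameters
openssl dhparam -out dh1024.pem 1024
Note: 1024-bit DH groups are considered weak (see the Logjam attack); use 2048 bits or more where the peers support it.
6) Revoke a bad cert and generate the CRL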
openssl ca -revoke certs/bad.crt
openssl ca -gencrl -out crl.pem
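
Steps 1 to 4 and 6 as one sequence against a throwaway CA directory, with a check that `openssl verify -crl_check` reports the revoked certificate as revoked. This is an added example, not part of the original page; the minimal openssl.cnf, the [ v3_ca ] and [ policy_any ] sections, the subjects and the function names are assumptions. Step 5 is left out because DH parameters are independent of the CA.

```shell
# Added example: throwaway CA; every name, subject and path here is constructed.
make_ca() {    # steps 1-2: database files, minimal openssl.cnf, self-signed CA
    d=$1; mkdir -p "$d/newcerts"; : > "$d/index.txt"
    echo '01' > "$d/serial"; echo '01' > "$d/crlnumber"
    cat > "$d/openssl.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
database = $d/index.txt
new_certs_dir = $d/newcerts
serial = $d/serial
crlnumber = $d/crlnumber
certificate = $d/ca.crt
private_key = $d/ca.key
default_md = sha256
policy = policy_any
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = req_dn
[ req_dn ]
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[ server ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
extendedKeyUsage = serverAuth
keyUsage = digitalSignature, keyEncipherment
EOF
    openssl req -config "$d/openssl.cnf" -nodes -new -x509 -extensions v3_ca \
        -newkey rsa:2048 -keyout "$d/ca.key" -out "$d/ca.crt" -days 30 \
        -subj "/CN=Demo CA" 2>/dev/null
}
issue() {      # steps 3-4: key and CSR, then sign with the [ server ] section
    openssl req -config "$1/openssl.cnf" -nodes -new -newkey rsa:2048 \
        -keyout "$1/$2.key" -out "$1/$2.csr" -subj "/CN=$2" 2>/dev/null &&
    openssl ca -config "$1/openssl.cnf" -batch -notext -extensions server \
        -days 30 -in "$1/$2.csr" -out "$1/$2.crt" 2>/dev/null
}
revoke() {     # step 6: mark the cert revoked in index.txt, then issue a CRL
    openssl ca -config "$1/openssl.cnf" -revoke "$1/$2.crt" 2>/dev/null &&
    openssl ca -config "$1/openssl.cnf" -gencrl -crldays 30 -out "$1/crl.pem" 2>/dev/null
}
cert_state() { # prints good, revoked or invalid; uses the CRL once one exists
    crl=; [ -f "$1/crl.pem" ] && crl="-crl_check -CRLfile $1/crl.pem"
    out=$(openssl verify -CAfile "$1/ca.crt" $crl "$1/$2.crt" 2>&1) || true
    case $out in *revoked*) echo revoked;; *": OK"*) echo good;; *) echo invalid;; esac
}
```

Run `make_ca` on an empty directory without spaces in its path (for example one from `mktemp -d`), then `issue`, `revoke` and `cert_state` with that directory and a certificate name. A revoked certificate still verifies as good for any client that does not load the CRL, so the CRL has to be distributed to every verifier.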
