pprindeville
Aspirant
Sep 22, 2022

Generating TLS certs for GS108Tv2 from command-line

Hi,

 

I was reading the thread GS108Tv2 HTTPS/TLS guide which unfortunately I wasn't able to reply to, but perhaps it's time for a new thread anyway.

 

I'd like to be able to generate certs from the command line (either on macOS or Linux) using OpenSSL 1.1.x and hence not using XCA.

 

I tried a few steps manually like:

 

openssl dhparam -out dh1024.pem 1024
openssl genrsa -out privkey.pem 1024
openssl req -new -x509 -key privkey.pem -out certificate.pem_ -days 3650 -subj '/C=US/O=Redfish Solutions/CN=switch3.redfish-solutions.com' --addext "keyUsage = digitalSignature, keyEncipherment, dataEncipherment"
cat certificate.pem_ privkey.pem > certificate.pem
rm -f certificate.pem_

 

and uploaded that to my switch (running 5.4.2.36), and that works well enough (not sure if any sanity checking happens during this stage... seems not), but when I get into "HTTPS Configuration" and try to enable "HTTPS Admin mode" I get a pop-up with "Error: Failed to set HTTPS Admin Mode." which isn't particularly useful.

 

Looking into the "Memory Logs" under "logs" gives me no useful information either.

 

So, does anyone have a soup-to-nuts script where all you need to provide is the validity in days and the X.509 certificate subject, and it cranks out the appropriate files?

 

Thanks
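The post above wonders whether the switch does any sanity checking on upload. As an added example (not part of the original post, and not NETGEAR's code), here is a local check that a combined PEM bundle like certificate.pem is at least internally consistent before it is uploaded. The function name check_bundle is hypothetical, and the script makes no claim about what the GS108Tv2 firmware actually requires.

```shell
#!/usr/bin/env bash
# Added example: local sanity checks for a combined certificate + private key
# PEM bundle. Passing these checks does not mean the switch will accept it.

# check_bundle FILE
# Returns 0 only if FILE holds a parseable certificate and an unencrypted
# private key whose public halves are identical.
check_bundle() {
    local bundle=$1 cert_pub key_pub
    [ -r "$bundle" ] || { echo "cannot read $bundle"; return 2; }

    grep -q -- '-----BEGIN CERTIFICATE-----' "$bundle" ||
        { echo "no certificate block in bundle"; return 1; }
    # OpenSSL 1.1.x genrsa writes "RSA PRIVATE KEY", 3.x writes "PRIVATE KEY".
    grep -Eq -- '-----BEGIN (RSA )?PRIVATE KEY-----' "$bundle" ||
        { echo "no unencrypted private key block in bundle"; return 1; }

    # Public key carried in the certificate.
    cert_pub=$(openssl x509 -in "$bundle" -noout -pubkey 2>/dev/null) ||
        { echo "certificate does not parse"; return 1; }
    # Public key derived from the private key.
    key_pub=$(openssl pkey -in "$bundle" -pubout 2>/dev/null) ||
        { echo "private key does not parse"; return 1; }

    [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not match certificate"; return 1; }

    # Show the fields worth eyeballing before upload.
    openssl x509 -in "$bundle" -noout -subject -enddate
    openssl x509 -in "$bundle" -noout -text | grep -A1 'X509v3 Key Usage' ||
        echo "no keyUsage extension present"
    echo "bundle is internally consistent"
    return 0
}

# Run against a file when one is given on the command line.
if [ "$#" -gt 0 ]; then
    check_bundle "$1"
fi
```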

5 Replies

  • taysandman Any thoughts on this, since you originally resolved the issue with XCA?

     

    Can you send me a certificate you generated this way, that is known to work, and I'll try to figure out what command-line options are needed to reproduce it?

     

    Thanks

     

  • I'd like to put up a script (bash script using openssl CLI) to do this on GitHub; can someone from support reach out to me and walk me through this?  My switch no longer has complimentary support...

     

    • Retired_Member

      pprindeville 

       

      It looks like you need to learn more about the concept. What you have is not complete. There is a lot of information on this on the Internet. Just google it. I suggest a search phrase like this: openssl create own ssl certificate authority.

      • pprindeville
        Aspirant

        Retired_Member wrote:

        pprindeville 

         

        It looks like you need to learn more about the concept. What you have is not complete. There is a lot of information on this on the Internet. Just google it. I suggest a search phrase like this: openssl create own ssl certificate authority.


        I understand a bit about the subject.  For instance, best practice as defined by the CAB Forum is a bit of a moving target, and new Extended Key Usage attributes get added from time to time.  It's hard to know which snapshot in time the firmware in the GS108Tv2 follows and what particulars it's expecting.

         
