Example: Using the OpenSSL encryption library

This example shows the steps to configure CM to listen for SSL connection using the OpenSSL encryption library.

Use the openssl utility of your OpenSSL installation.

  1. Create a private key for the self-signed certificate:
    $ openssl genrsa -out cm1key.pem
    Create the self-signed certificate using the private key
    $ openssl req -new -x509 -key cm1key.pem -subj "CN=`hostname`" -days 3650 -out cm1cert.pem
    Put the private key and the self-signed certificate into a single PEM file
    $ cat cm1key.pem cm1cert.pem > filewithcertificatetoimport.pem
  2. Create the keystore file to contain the private key and certificate that are contained in a PEM file:
    $ openssl pkcs12 -export -in filewithcertificatetoimport.pem -name cm1ListeningCert -passout pass:test -out cm1.p12
  3. Create the stash file to contain the encrypted keystore password:
    onkstash cm1.p12 test
  4. In cm1's config file set "SSL_LABEL" to the certificate's label:
    SSL_LABEL cm1ListeningCert

Copyright© 2020 HCL Technologies Limited