Before you can test using digital certificates, the test server must be provisioned with private key files and corresponding X.509 certificates. The files will be generated in PEM format, which you can then convert to DER or PKCS#12 if necessary.
The generateRsaKeys command generates the files and places them in the directory accessed during the test and when generating certificates: /home/cfguser/rsa. The command can be used with the following parameters:
--help — Prints out the command line parameters and gives a brief description of each.
--num <total keys> — The number of keys to be generated. The default is 0; if this parameter is not included, no key files are generated. A maximum of 100,000 keys can be generated.
--size <number of bits> — The size, in bits, of the key to generate. It must be a multiple of 8; the minimum and default value is 1024.
--private <file name> — The output file name for the private keys. The default value is privRsaKey.pem.
--public <file name> — The output file name for the public keys. The default value is pubRsaKey.pem.
IMPORTANT: Key generation can take several hours depending on the number of key pairs generated, and the amount of test server resources consumed will adversely affect test operations. Reserve the test server to prevent other users from running test sessions during key generation.
To generate public and private key files:
SSH to the test server and log in as cfguser.
Change to the CA directory (/home/cfguser/sseworks): cd sseworks.
Enter the generate command. If the default values are acceptable, you can simply specify the number of key pairs to be generated (up to 100,000). You can define the number of key pairs to use in the test definition. If there are fewer key pairs than MN sessions, the test will distribute the keys among the sessions as evenly as possible. The key file names are also specified in the test, allowing you to generate files with different key sizes, for example, and use them in different tests. In this example, 10,000 1024-bit keys are generated and written to the files specified.
##> generateRsaKeys --num 10000 --size 1024 --private MyPrivateKeys.pem --public MyPublicKeys.pem
A confirmation message is displayed as the process begins, and a progress message is printed after every 1,000 key pairs are generated. When the process is complete, a final time stamp is printed and the prompt is displayed as shown below.
Creating 10000 public and private RSA keys of size 10248 bits...
Public RSA key output file: /home/cfguser/rsa/MyPublicKeys.pem
Private RSA key output file: /home/cfguser/rsa/MyPrivateKeys.pem
Time: Jun 20 10:46:16
completed key # 1000 Time: Mon Jun 20 10:52:16
completed key # 2000 Time: Mon Jun 20 10:58:22
completed key # 3000 Time: Mon Jun 20 11:04:18
completed key # 4000 Time: Mon Jun 20 11:10:17
completed key # 5000 Time: Mon Jun 20 11:16:16
completed key # 6000 Time: Mon Jun 20 11:22:23
completed key # 7000 Time: Mon Jun 20 11:28:15
completed key # 8000 Time: Mon Jun 20 11:34:17
completed key # 9000 Time: Mon Jun 20 11:40:17
completed key # 10000 Time: Mon Jun 20 11:46:24
Time: Mon Jun 20 11:46:24
##>
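Once generation finishes, it is worth confirming that the private key file really holds the number of keys and the key size requested with --num and --size before a test depends on it. The following is an added example, not part of the original page or the product: it assumes the file is a concatenation of PKCS#1 "RSA PRIVATE KEY" PEM blocks (the page does not state the layout), and the names audit_bundle, modulus_bits, read_tlv and toy_block are hypothetical. toy_block only builds constructed sample input.

```python
import base64, re
HEAD, TAIL = "-----BEGIN RSA PRIVATE KEY-----", "-----END RSA PRIVATE KEY-----"
PEM_RE = re.compile(re.escape(HEAD) + "(.*?)" + re.escape(TAIL), re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def modulus_bits(der):
    """Modulus size of a PKCS#1 RSAPrivateKey: SEQUENCE { version, n, e, ... }."""
    seq_tag, pos, _ = read_tlv(der, 0)
    _, _, version_end = read_tlv(der, pos)
    int_tag, start, end = read_tlv(der, version_end)
    if (seq_tag, int_tag) != (0x30, 0x02):
        raise ValueError("not a PKCS#1 RSAPrivateKey")
    return int.from_bytes(der[start:end], "big").bit_length()

def audit_bundle(text, expected_keys, expected_bits):
    """Return a list of problems; an empty list means count and sizes match."""
    blocks, problems = PEM_RE.findall(text), []
    if len(blocks) != expected_keys:
        problems.append(f"found {len(blocks)} keys, expected {expected_keys}")
    for i, body in enumerate(blocks, 1):
        try:
            bits = modulus_bits(base64.b64decode(body))  # PEM body = base64(DER)
        except (ValueError, IndexError) as exc:
            problems.append(f"key {i}: unparsable ({exc})")
            continue
        if bits != expected_bits:
            problems.append(f"key {i}: {bits}-bit modulus, expected {expected_bits}")
    return problems

def toy_block(bits):
    """Constructed sample: PKCS#1-shaped block with a dummy modulus, not a usable key."""
    def tlv(tag, val):
        size = len(val)
        if size < 0x80:
            return bytes([tag, size]) + val
        nb = (size.bit_length() + 7) // 8
        return bytes([tag, 0x80 | nb]) + size.to_bytes(nb, "big") + val
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # 0x00 pad keeps n positive
    der = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x02, n) + tlv(0x02, b"\x01\x00\x01"))
    return f"{HEAD}\n{base64.encodebytes(der).decode()}{TAIL}\n"
```

For a real run, pass the text of the generated private key file with the --num and --size values used, for example audit_bundle(open("/home/cfguser/rsa/MyPrivateKeys.pem").read(), 10000, 1024).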
If the test requires PKCS#12 format, you will need to generate the certificates before converting the format. If the test requires DER format, you can convert the private key file now:
Change to the rsa directory: cd /home/cfguser/rsa.
Enter the conversion command: openssl rsa -inform PEM -outform DER -in <pem-file-name> -out <der-file-name>
Using the example file above:
##> openssl rsa -inform PEM -outform DER -in MyPrivateKeys.pem -out MyPrivateKeys.der