Siemens SR640XA User Manual

Generating SSH Keys and SSL Certificates Using Windows


Generating SSH Keys and SSL Certificates for ROS and ROX Using Windows
AN22
Application Note
6/2013

1. Introduction
2. Installing OpenSSL on Windows
3. Installing the Scripts
4. Using Scripts to Create SSL Certificates
5. Using the Scripts to Create SSH Keys for ROS
6. Adding a Root CA Certificate to the List of Trusted Root CAs
7. PEM Formatted Certificates and Keys
8. Generating a Certificate from a Certificate Request in Windows 2008 CA
9. Frequently Asked Questions (FAQs)


Summary of Contents for Siemens SR640XA

  • Page 2 RUGGEDCOM Application Note Copyright © 2013 RuggedCom Inc. All rights reserved. Dissemination or reproduction of this document, or evaluation and communication of its contents, is not authorized except where expressly permitted. Violations are liable for damages. All rights reserved, particularly for the purposes of patent application or trademark registration.
  • Page 3: Table Of Contents

    Chapter 1 Introduction; Chapter 2 Installing OpenSSL on Windows; Chapter 3 Installing the Scripts; Chapter 4 Using Scripts to Create SSL Certificates; 4.1 Scenario 1: The Machine Hosting the Scripts Becomes the Root CA; 4.2 Scenario 2: The CA Resides Elsewhere ...
  • Page 5: Introduction

    ROS (beginning with ROS v3.12.1 and onwards) and ROX can accept SSL certificates and SSH keys created externally. This document, along with some useful scripts developed by Siemens, is intended to help users working with Microsoft Windows®...
  • Page 7: Installing Openssl On Windows

    To install OpenSSL on Windows, do the following: Download the OpenSSL Setup program (without sources) for Windows from http://gnuwin32.sourceforge.net/packages/openssl.htm. Double-click the downloaded file and install OpenSSL. During the installation process, change the installation directory to C:\OpenSSL\.
  • Page 9: Installing The Scripts

    To install the scripts, extract the contents of the Zip file (AN22.zip) obtained from Siemens into an appropriate location on the script machine (the computer/server that hosts the scripts). A folder titled RCKeyGen will be placed in the chosen location.
  • Page 11: Using Scripts To Create Ssl Certificates

    The scripts provided by Ruggedcom can be used in three different infrastructure scenarios. • Section 4.1, “Scenario 1: The Machine Hosting the Scripts Becomes the Root CA” •...
  • Page 12 Figure 1: Scenario 1 (1. Root Certificate Authority (CA); 2. Certificate; 3. ROS/ROX Devices). Navigate to the RCKeyGen folder on the script machine and open the file config.txt in a text editor. NOTE: Do not use the default parameters provided in the config.txt file.
  • Page 13: Scenario 2: The Ca Resides Elsewhere

    Double-click the script 1_ssl_root_CA_certgen.vbs to generate the root certificate. Double-click the script 02_ssl_device_certgen.vbs to generate a certificate for each device listed in device_data.txt and have them signed by the Root CA. When the script asks if the certificates need to be self-signed, click No.
  • Page 14 Figure 2: Scenario 2 (1. Root Certificate Authority (CA); 2. Certificate Authorities (CAs); 3. Certificate; 4. Certificate Request; 5. Script Machine; 6. ROS/ROX Compatible Certificate; 7. ROS/ROX Devices). Navigate to the RCKeyGen folder on the script machine and open the file config.txt in a text editor.
  • Page 15: Scenario 3: Self-Signed Device Certificates

    Update the other parameters with relevant values. Save and close the file. Open the file device_data.txt in a text editor and replace the current content with a list of addresses (one per line) for devices for which certificates are to be generated.
  • Page 16 Figure 3: Scenario 3 (1. Script Machine; 2. Certificate; 3. ROS/ROX Devices). Navigate to the RCKeyGen folder on the script machine and open the file device_data.txt in a text editor.
  • Page 17 Double-click the script 03_ssl_formatting.vbs to convert the certificates into PEM format and clean up any files that were created by the scripts. The finished certificates are available in the SSL_certs folder and named according to their associated device, as defined in device_data.txt.
  • Page 19: Using The Scripts To Create Ssh Keys For Ros

    The generation of SSH keys is a single step process. NOTE: For information on how to regenerate SSH keys for ROX, refer to the ROX User Guide for the device. Navigate to the RCKeyGen folder on the script machine and open the file device_data.txt in a text editor.
  • Page 21: Adding A Root Ca Certificate To The List Of Trusted Root Cas

    In order for a certificate to be trusted, and often for a secure connection to be established, the certificate must have been issued by a CA that is included in the trusted store of the device that is connecting.
  • Page 22 Figure 5: Certificate Import Wizard Dialog Box. Follow the on-screen instructions to locate the root certificate file and make sure it is placed in the Trusted Root Certification Authorities store.
  • Page 23: Pem Formatted Certificates And Keys

    The following is an example of a PEM formatted SSH key: -----BEGIN RSA PRIVATE KEY----- ...
  • Page 25: Generating A Certificate From A Certificate Request In Windows 2008 Ca

    If there is an existing Windows certificate server in the organization, perform the following procedure to generate the certificate in a Windows 2008 server: Copy and paste the CSR file generated in the script machine to any folder in your CA.
  • Page 26 Figure 7: Open Request File Dialog Box. Select the CSR file and click Open. Navigate to the Pending Requests folder. If the certificate request is uploaded properly, the request will appear in this folder.
  • Page 27 Figure 9: Issuing the Certificate. Navigate to the Issued Certificates folder. Figure 10: Issued Certificates Folder. Double-click on the certificate. The Certificate dialog box appears.
  • Page 28 Figure 11: Certificate Dialog Box. Click the Details tab. This displays the distinguished name parameters for the certificate. 10. Verify the distinguished name parameters are correct and then click Copy to File. The Certificate Export Wizard dialog box appears.
  • Page 29 Figure 13: Export File Format Screen. 12. Copy the certificate to the SSL_certs folder. 13. Make sure a matching *.key file is present in the SSL_certs folder. 14.
  • Page 31: Frequently Asked Questions (Faqs)

    What should I do if my root CA’s certificate has expired or I have a new root CA in my organization? If the existing root CA’s certificate has expired or if you want to sign all of your existing device certificates using a new root CA, then all the device certificates have to be replaced with new certificates signed by the new root CA.

This manual is also suitable for:

Sr650xa, Sr660xa, Ros, Rox
