NEM certificate generation
Generate client's private key and a certificate signing request (CSR) (please do not change CN):
openssl req -new -newkey rsa:2048 -out nem.csr -subj "/C=CH/ST=Berne/L=Berne/O=Hitachi Power Grids Switzerland Ltd./OU=PGGA,PG/CN=nem" -keyout nem.pem -nodes
Sign nem's CSR with server private key and a related certificate
openssl x509 -req -days 3650 -sha256 -in nem.csr -CA diracCA.crt -CAkey server.key -CAserial diracCA.srl -out nem.crt
Delete CSR:
rm nem.csr
Generate p12 store for NMS apigateway
openssl pkcs12 -export -password pass:changeit -in nem.crt -inkey nem.pem -out nem.p12
Curl client in does require the nem.pem, nem.crt and diracCA.crt files.
We have now following new files in the folder /etc/pki/:
-rw-rw-r--. 1 dirac dirac 1281 May 5 06:40 nem.crt
-rw-------. 1 dirac dirac 2509 May 5 06:41 nem.p12
-rw-------. 1 dirac dirac 1708 May 5 06:39 nem.pem