Obtaining a client certificate for the Syslog protocol

System Administrator Guide for VSP 5000 Series

Version
90-09-2x
Audience
anonymous
Part Number
MK-98RD9009-16

You must obtain a client certificate from the SVP to enable the Syslog protocol.

  1. Create a private key (.key file). See Creating a private key using the OpenSSL command.
  2. Create a public key (.csr file). See Creating a public key using the OpenSSL command.
  3. Send the new key to the Syslog server Certificate Authority for signature to obtain a certificate. The certificate is used as the client certificate.
    CAUTION:
    • If the certificate expires, you cannot connect to the Syslog server.
    • If an intermediate certificate is provided by the certificate authority, set the intermediate certificate on the Syslog server.
  4. Open a Windows command prompt, and then set the current directory to the directory where the PKCS#12 format client certificate is output.
  5. Store the private key (.key file) and client certificate in this folder, and then execute the command below.
    C:\key>c:\openssl\bin\openssl pkcs12 -export -in client.crt -inkey client.key -outclient.p12
    Where
    • Folder to which the PKCS#12 format client certificate is output: C:\key
    • File name of the private key: client.key
    • File name of the client certificate: client.crt
  6. Set the password.

    The password can have up to 128 characters. You can use alphanumeric characters and the following 31 symbols:

    ! # $ % & ' ( ) * + ,- . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~