Sunday, January 17, 2016

How to create a self-signed certificate with OpenSSL to be used with BlueCoat proxy

This short guide creates a new keyring, a private key, and eventually a certificate.

1. Generate a private key with OpenSSL (at least 2048-bit key length)
# OpenSSL> genrsa -des3 -out mypriv.key 2048
a Set the key length to 2048.
b When you press Enter you're asked to set a pass phrase for the key; remember it.

2. Open Notepad and cut the content of the private key file mypriv.key created in step 1.

3. In the BlueCoat proxy, go to Configuration - SSL - Keyrings
a Create a new keyring and select 'import existing private key'. Paste your key here and type the pass phrase from step 1.
b Give the keyring a name and press OK.
c Press Apply to install the policy.

4. Generate the certificate request from the new keyring.
a Open the newly created keyring.
b Press 'create' in the Create Signing Request section.
c Copy the content and save it as csr.txt in Notepad (make sure there are no blank spaces or other characters at the end of the file).

5. Create the certificate (valid 1 year in this example)
# OpenSSL> x509 -req -days 365 -in c:\openssl-win64\csr.txt -signkey c:\openssl-win64\bin\mypriv.key -out c:\openssl-win64\cert.crt

6. Convert the cert to PEM
# OpenSSL> x509 -in c:\openssl-win64\cert.crt -out c:\openssl-win64\out.pem -outform PEM

7. Put the cert in the keyring in BC
a Open the out.pem file with Notepad and copy the content.
b Open the BC keyring and select 'import' in the Certificate section, paste your content and press OK.
c Press 'Apply' to save the policy.

The certificate is finished and ready to be used.
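
The key, the signing request and the certificate all pass through Notepad as pasted PEM text, and the guide warns about stray characters at the end of csr.txt. The following check is an added example, not part of the original guide or of any BlueCoat or OpenSSL tooling: it lints a pasted PEM block for exactly that kind of damage. The function name `lint_pem`, the sample data and the rule that one final line ending is tolerated are assumptions; pass the label your file is expected to carry (OpenSSL writes `CERTIFICATE` for certificates and `CERTIFICATE REQUEST` for signing requests).

```python
import base64
import binascii
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def lint_pem(text, expected_label):
    """Return a list of problems in pasted PEM text; an empty list means clean."""
    problems = []
    if text.startswith("\ufeff"):  # some editors save UTF-8 files with a BOM
        problems.append("byte order mark before the BEGIN line")
        text = text[1:]
    blocks = list(PEM_RE.finditer(text))
    if len(blocks) != 1:
        return problems + ["expected exactly 1 PEM block, found %d" % len(blocks)]
    block = blocks[0]
    if block.group(1) != expected_label:
        problems.append("label is %r, expected %r" % (block.group(1), expected_label))
    if text[:block.start()]:
        problems.append("characters before the BEGIN line")
    # Assumption: one final line ending is harmless; anything more is flagged.
    if text[block.end():] not in ("", "\n", "\r\n"):
        problems.append("blank space or characters after the END line")
    lines = block.group(2).replace("\r\n", "\n").split("\n")
    if ":" in lines[0]:
        # Passphrase-protected key in traditional format: "Proc-Type" and
        # "DEK-Info" headers, then an empty line, precede the base64 body.
        lines = lines[lines.index("") + 1:] if "" in lines else []
    if any(line != line.strip() for line in lines):
        problems.append("blank space inside the base64 body")
    try:
        base64.b64decode("".join(line.strip() for line in lines), validate=True)
    except binascii.Error:
        problems.append("body is not valid base64")
    return problems

# Constructed sample: the body is placeholder bytes, not a real signing request.
SAMPLE_BODY = base64.encodebytes(bytes(range(120))).decode("ascii").strip()
SAMPLE_CSR = ("-----BEGIN CERTIFICATE REQUEST-----\n" + SAMPLE_BODY +
              "\n-----END CERTIFICATE REQUEST-----\n")

if __name__ == "__main__":
    print(lint_pem(SAMPLE_CSR, "CERTIFICATE REQUEST"))           # clean paste
    print(lint_pem(SAMPLE_CSR + "  \n", "CERTIFICATE REQUEST"))  # stray trailing blanks
```

The check only inspects the PEM envelope and base64 encoding; it does not parse the request or certificate inside.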