From January 01, 2023, TOS R21-3 Classic is EOL. Technical support will be available for a limited period to customers with Extended Support agreements.
Create a Server Certificate for NGINX on the Tufin server
- To create a private key for the server, run:
openssl genrsa -out server.key 2048
chmod 400 server.key
- To create a Certificate Signing Request (CSR), run:
openssl req -new -key server.key -sha256 -out server.csr
- Common Name attribute: Provide the IP address or resolvable host name of the Tufin server that will receive the logs. This can be the Tufin Central Server, a Distributed Server or a Remote Collector.
- All other attributes: Enter a period (.) to leave all other attributes blank.
- Challenge password []: <leave empty>
Do not use a period (.) for this value.
- To use the root CA to sign the CSR, run:
openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 1 -out server.crt
chmod 444 server.crt
- To verify the validity of the certificate, run:
openssl x509 -noout -text -in server.crt
- To verify the signature, run:
openssl verify -CAfile ca.crt server.crt
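The two verification steps above confirm that the certificate parses and that the root CA signed it. The following added example (not part of the Tufin documentation) also checks that server.crt belongs to server.key, that the Common Name is the expected one, that the certificate has not expired and that the key is readable by its owner only. The helper names check_server_cert and make_demo_pki are hypothetical, and the CA that make_demo_pki creates is a constructed throwaway for trying the check offline.

```shell
# Added example, not Tufin's code. Helper names are hypothetical.

# check_server_cert KEY CERT CA EXPECTED_CN -> returns 0 only if all checks pass
check_server_cert() {
    key=$1 cert=$2 ca=$3 want_cn=$4

    # 1. The certificate must carry the public half of this private key.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$crt_pub" ] || { echo "key/cert mismatch" >&2; return 1; }

    # 2. The signature must chain to the root CA (same check as the last step).
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "not signed by $ca" >&2; return 1; }

    # 3. The Common Name must be the address the log senders connect to.
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= *//p')
    [ "$cn" = "$want_cn" ] || { echo "CN is '$cn', want '$want_cn'" >&2; return 1; }

    # 4. The certificate must not already be expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "certificate expired" >&2; return 1; }

    # 5. The private key must not be readable by group or others (chmod 400).
    case $(ls -l "$key") in
        -???------*) ;;
        *) echo "key permissions too open" >&2; return 1 ;;
    esac
}

# make_demo_pki DIR CN: constructed throwaway CA, then the page's commands
# run non-interactively (-subj replaces the prompts) inside DIR.
make_demo_pki() {
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
          -subj "/CN=Constructed Demo CA" -days 1 2>/dev/null &&
      openssl genrsa -out server.key 2048 2>/dev/null &&
      chmod 400 server.key &&
      openssl req -new -key server.key -sha256 -out server.csr -subj "/CN=$2" &&
      openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.crt \
          -CAkey ca.key -set_serial 1 -out server.crt 2>/dev/null &&
      chmod 444 server.crt )
}
```

Against real files, source the functions and run check_server_cert server.key server.crt ca.crt followed by the Common Name you entered in the CSR; a non-zero exit status names the failed check on stderr.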