Product and Software: This article applies to all Aruba platforms and ArubaOS versions.
It is often useful to generate a self-signed certificate in pem format that contains both the private key and the certificate. The following single OpenSSL command will achieve that purpose with a 1024bit key and a 10-year validity.
Non-encrypted private key:
openssl req -x509 -newkey rsa:1024 -keyout cert.pem -out cert.pem -days 3650 -nodes
Encrypted private key:
openssl req -x509 -newkey rsa:1024 -keyout cert.pem -out cert.pem -days 3650
Example
$ openssl req -x509 -newkey rsa:1024 -keyout self-cert.pem -out self-cert.pem -days 3650 -nodes
Generating a 1024 bit RSA private key
.....................................................................++++++
.........++++++
writing new private key to 'self-cert.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:Sunnyvale
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Aruba Networks
Organizational Unit Name (eg, section) []:Customer Advocacy
Common Name (eg, YOUR name) []:myserver.atac.net
Email Address []:
Output of self-cert.pem
$ cat self-cert.pem
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDIMsJKwjnUYMUm9z6ly82shVhnTriqljIdBAN3JQt09vevJR+E
ZG90lWgmDSgpZhxw3bLXge+PEe2I8fmmOf3o7mkhIo6mnl9b6qLDnbJbnOd6zb2A
JzVWosR5Rnwql/x2KcYZuNyOLX0uaKsNxu7NBC1eqQJs34zdl9/al/7POwIDAQAB
AoGAfHTBwIP6O4NlTRILijqmxAepq5+Owc3ZnZwvI1SOSMp3tBRaAY4Gk+2F75Hi
U8o9CBVq5vrKGKFGkAoN7z7CD396q7SI47qulaX/oF+5QjYiTLL3fFsJcGrh3zc3
ybPj4uOEOLMWnLQziSW7YdBtanRaPbWkbdxXvhxS3QUyWkECQQD8Il+IxZt9uV83
pG58CfkSl43Nl4L3UfyEvbPBpFo32neEqGIqEEGYOc3H0gzbAuFLtQa3GrGDGuju
SnkA+EJrAkEAy0SJe2UVtieWWc+U1kvkn7kUimVBRWqc4hSh2OWH/gaU2R+Zx1QF
1sXZ1yvFnqCjvSptr7bs23LVIbeBIef6cQJBAI2mdguuEQxSH6dwDs5LAA6s7HLL
oz11ZyvgM+QfhLwKVclGnFfLaD6wgua3IJfOh2p0GoC2U3I3pRNy7YZY818CQANU
wjQFeg+cIniiUDwazkpXzCBgfGtYze1ejTBywoHFNddBD1IW7GmSoHlIPFrXIxfM
hDOm+ca24QtGaJVXqeECQQDWsvxL+gJzNNdUccAzGl/vCv4CtdvGoyju1H3fRQrz
2D+7A6nCmBllveG6E3VM9scqNtQcv0jXPMaUdddQogFU
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIDfjCCAuegAwIBAgIJAOtiZxfkCKoRMA0GCSqGSIb3DQEBBQUAMIGHMQswCQYD
VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2YWxl
MRcwFQYDVQQKEw5BcnViYSBOZXR3b3JrczEaMBgGA1UECxMRQ3VzdG9tZXIgQWR2
b2NhY3kxGjAYBgNVBAMTEW15c2VydmVyLmF0YWMubmV0MB4XDTA5MDcwNzIyMDc1
MloXDTE5MDcwNTIyMDc1MlowgYcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxp
Zm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxFzAVBgNVBAoTDkFydWJhIE5ldHdv
cmtzMRowGAYDVQQLExFDdXN0b21lciBBZHZvY2FjeTEaMBgGA1UEAxMRbXlzZXJ2
ZXIuYXRhYy5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMgywkrCOdRg
xSb3PqXLzayFWGdOuKqWMh0EA3clC3T2968lH4Rkb3SVaCYNKClmHHDdsteB748R
7Yjx+aY5/ejuaSEijqaeX1vqosOdsluc53rNvYAnNVaixHlGfCqX/HYpxhm43I4t
fS5oqw3G7s0ELV6pAmzfjN2X39qX/s87AgMBAAGjge8wgewwHQYDVR0OBBYEFFmC
FjD8ncna0Vab4cGhDBl4whoqMIG8BgNVHSMEgbQwgbGAFFmCFjD8ncna0Vab4cGh
DBl4whoqoYGNpIGKMIGHMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5p
YTESMBAGA1UEBxMJU3Vubnl2YWxlMRcwFQYDVQQKEw5BcnViYSBOZXR3b3JrczEa
MBgGA1UECxMRQ3VzdG9tZXIgQWR2b2NhY3kxGjAYBgNVBAMTEW15c2VydmVyLmF0
YWMubmV0ggkA62JnF+QIqhEwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOB
gQALAb/NwNckMoOpXz6pioaT9AJh2iZ3vzz0+IEcnNRxVlq+UwndqMMHiYTZXGBL
38dB4aiCvzYeahTMw7v5tbRUijAu7edhFyKaEHxA/F7N6+71sdGHlNckkt0hm07d
XdCnTGlNTuqZAWSzF6YOitz7kJNDENVVT1hZM+KH/JZn4g==
-----END CERTIFICATE-----
Certificate Content
$ openssl x509 -in self-cert.pem -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
eb:62:67:17:e4:08:aa:11
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=California, L=Sunnyvale, O=Aruba Networks, OU=Customer
Advocacy, CN=myserver.atac.net
Validity
Not Before: Jul 7 22:07:52 2009 GMT
Not After : Jul 5 22:07:52 2019 GMT
Subject: C=US, ST=California, L=Sunnyvale, O=Aruba Networks, OU=Customer
Advocacy, CN=myserver.atac.net
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:c8:32:c2:4a:c2:39:d4:60:c5:26:f7:3e:a5:cb:
cd:ac:85:58:67:4e:b8:aa:96:32:1d:04:03:77:25:
0b:74:f6:f7:af:25:1f:84:64:6f:74:95:68:26:0d:
28:29:66:1c:70:dd:b2:d7:81:ef:8f:11:ed:88:f1:
f9:a6:39:fd:e8:ee:69:21:22:8e:a6:9e:5f:5b:ea:
a2:c3:9d:b2:5b:9c:e7:7a:cd:bd:80:27:35:56:a2:
c4:79:46:7c:2a:97:fc:76:29:c6:19:b8:dc:8e:2d:
7d:2e:68:ab:0d:c6:ee:cd:04:2d:5e:a9:02:6c:df:
8c:dd:97:df:da:97:fe:cf:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:82:16:30:FC:9D:C9:DA:D1:56:9B:E1:C1:A1:0C:19:78:C2:1A:2A
X509v3 Authority Key Identifier:
keyid:59:82:16:30:FC:9D:C9:DA:D1:56:9B:E1:C1:A1:0C:19:78:C2:1A:2A
DirName:/C=US/ST=California/L=Sunnyvale/O=Aruba Networks/OU=Cust
omer Advocacy/CN=myserver.atac.net
serial:EB:62:67:17:E4:08:AA:11
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
0b:01:bf:cd:c0:d7:24:32:83:a9:5f:3e:a9:8a:86:93:f4:02:
61:da:26:77:bf:3c:f4:f8:81:1c:9c:d4:71:56:5a:be:53:09:
dd:a8:c3:07:89:84:d9:5c:60:4b:df:c7:41:e1:a8:82:bf:36:
1e:6a:14:cc:c3:bb:f9:b5:b4:54:8a:30:2e:ed:e7:61:17:22:
9a:10:7c:40:fc:5e:cd:eb:ee:f5:b1:d1:87:94:d7:24:92:dd:
21:9b:4e:dd:5d:d0:a7:4c:69:4d:4e:ea:99:01:64:b3:17:a6:
0e:8a:dc:fb:90:93:43:10:d5:55:4f:58:59:33:e2:87:fc:96:
67:e2