This article explains how to install device certificates used for device checks to Linux devices.
To install device certificates on your Linux Device, first crate the certificate and then install it on the device.
-
You must have administrator permissions for the Linux computer
-
The certificate file must be in a PFX (p12) format, including its private key
-
The certificate issuer must match the signing certificate that is uploaded in the Device Authentication screen in the Cato Management Application
-
Certificates have a maximum allowed size of 2048 bytes. Certificates larger than this size will be ignored
-
Step 1: Create the device certificate
-
Step 2: Install the certificate with the following command:
cato-sdp import-cert <certificate path>/<certificate>.p12
This section is an example of commands to create an OpenSSL certificate that the Client accesses for Device Authentication. You can use other tools to create the certificate.
You must have your own signing certificate before you create the device certificate.
openssl genrsa -out <name>.key 2048 openssl req -new -key <name>.key -out <name>.csr sudo openssl x509 -req -in <name>.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out <name>.crt -days 500 -sha256 openssl pkcs12 -export -out <name>.p12 -inkey <name>.key -in <name>.crt
In the example above, there is NO password added to the openssl pcks12
command.
This is required on Linux Client versions below v5.1
Copy the certificate and the file with the private key to the Linux device. When you run the Client, add the -cert
argument. For more about arguments for the Linux Client, see Installing and Running the Linux Client (v5.1 and above)
0 comments
Article is closed for comments.