The elog program wants a server.crt and server.key file. We can make both with the Makefile in /etc/pki/tls/certs. However, these files will have a passphrase on them. This is bad because we want the elog program to start automatically at boot. If a passphrase is required, this won’t work. So we need to take the passphrase off.
make server.key
mv server.key server.key.withpassphrase
openssl rsa -in server.key.withpassphrase -out server.key
make server.crt
The openssl commands to make certificates are:
HP-UX
openssl genrsa -out localhost.key 1024 openssl req -new -x509 -days 3650 -key localhost.key -out localhost.pem cat localhost.key localhost.pem > host.pem
The first line creates a private key for the server. The next line creates a self-signed certificate, using the key created in the first line to sign it. The last line just joins these two files together into one. For some reason, stunnel in hp-ux likes to have both files in one file.
Linux
With linux, we can encrypt the key, so the commands are a little different.
openssl genrsa -des3 -out localhost.key 1024 openssl req -new -x509 -nodes -sha1 -days 3650 -key localhost.key -out localhost.pem
Again, these two files can be concatenated into one, if required.
Once you have a key, if you want to read the contents, use:
openssl x509 -noout -text -in localhost.pem openssl rsa -noout -text -in localhost.key
If you have a combined file, run each of those commands on the same file to see both the certificate and key contents.