Create a Client Certificate (UNIX)

Begin by creating a certificate and private key for the client, using the vtl command-line interface.

Before you run the vtl createCert command, run hostname to view the hostname of your client computer. Then, when you run the vtl createCert -n <clientHostname> command (below), enter the hostname exactly as reported, matching uppercase and lowercase. If you create a certificate using a hostname parameter that is not an exact case-match for the client’s hostname, you might be unable to create an NTLS link.

bash-2.05# ./vtl createCert -n <clientHostname>

Example

bash-2.05# ./vtl createCert -n myClient1

bash-2.05# ls -lr
total 816
-rwxr-xr-x 1 root root 735720 Apr 19 14:08 vtl
-rw-r--r-- 1 root root 908 Apr 23 14:38 myClient1.pem
-rw-r--r-- 1 root root 887 Apr 23 14:38 myClient1Key.pem
-rwxr-xr-x 1 root root 7144 Apr 19 14:08 openssl.cnf

After the createCert command, vtl gives the full pathname to the key and cert files that were generated.



“-n” (name) is the only mandatory item, and must be the client hostname. Additional optional parameters can be added. Refer to the Reference section of this Help for full command syntax and description.

If you are working without DNS, then supply the client IP numerically, instead:

bash-2.05# ./vtl createCert -n <clientIPaddress>

The cert and key files are created with the client computer's IP address as the filenames.

In the createCert command, provide only the unqualified hostname, rather than the fully qualified hostname.
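
The naming rules on this page (exact case match with the output of hostname, unqualified name only, or a numeric IP address when there is no DNS) can be checked before running createCert. The following shell functions are an added example, not part of the vendor documentation or of vtl; the function names, the verdict strings and the handling of a fully qualified hostname report are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code. Function names and verdict labels are assumptions.

# Succeeds when $1 is a dotted-quad IPv4 address (four octets, each 0-255).
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# check_cert_name NAME REPORTED
#   NAME     - value intended for "vtl createCert -n"
#   REPORTED - output of "hostname" on the client
# Prints a one-word verdict; returns 0 only for "ok" and "ok-ip".
check_cert_name() {
    name=$1
    # Assumption: if hostname reports an FQDN, compare against its first label.
    short=${2%%.*}
    if is_ipv4 "$name"; then echo "ok-ip"; return 0; fi
    case "$name" in
        *.*) echo "fully-qualified"; return 1 ;;
    esac
    if [ "$name" = "$short" ]; then echo "ok"; return 0; fi
    if [ "$(lower "$name")" = "$(lower "$short")" ]; then
        echo "case-mismatch"; return 1
    fi
    echo "mismatch"; return 1
}

# Stand-alone use: ./check_name.sh <name>
if [ "$#" -gt 0 ]; then
    check_cert_name "$1" "$(hostname)"
fi
```

A verdict of case-mismatch or fully-qualified means the -n value should be corrected before the certificate is created.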

 

Next, "Export a Client Cert to an HSM Appliance (UNIX)".