hvrsslgen
Usage
hvrsslgen [-options] fname subj
Description
Command hvrsslgen generates a public certificate, a private key, and a private key password required for the TLS Connection. These files together with the private key password are required for establishing a secure encrypted connection between the HVR hub and remote locations. Both files (private key and public key) are needed on the remote machine, however, only the public key file must be copied to the hub machine.
By default, the generated key's length is 2048 bits, and the private key is encrypted using aes-256-cbc algorithm and the SSL certificate is signed using sha256 hash algorithm. This can be customized by using the options available for hvrsslgen.
Command argument fname is used for naming the key files. The public certificate file is named fname.pub_cert and the corresponding private key file is named fname.priv_key.
The second argument subj is written as plain text into the subject field of the X509 public certificate file and serves for reference purposes only. If argument subj contains two or more words with space between them, then it must be enclosed in double quotes. For example, "Certificate for Cloud".
For establishing a secure encrypted connection between the HVR Hub and HVR Agent, the certificate and key files are generated automatically. So, manually generating them using hvrsslgen may be required only for troubleshooting/recovery in case of any issues. For more information about agent connection, see the HVR Agent concept page.
Options
This section describes the options available for the command hvrsslgen.
| Parameter | Description |
|---|---|
| -abits | Generate an asymmetric (RSA) key pair with length bits. Thedefault is 2048 bits. |
| -ddir | Generate files in directory dir instead of current directory. |
| -eenc_alg | Encrypt the private key using an internal password with encryption algorithm enc_alg. Valid values for enc_alg are:
|
| -hhash_alg | Sign the SSL certificate using hash algorithm hash_alg. Valid values for hash_alg are:
|
Example
Run the following command to generate the private key and public certificate key pair, as well as a password for the private key:
hvrsslgen MyCertificate "Certificate for Cloud"
If you are configuring the HVR hub server's TCP listening port to use an HTTPS connection, the password generated in the command output must be supplied along with the private key and public certificate.
Sample output:
hvrsslgen: HVR 6.1.0/7 (linux_glibc2.17-x64-64bit) hvrsslgen: Generating SSL key pair... hvrsslgen: Generating SSL key pair completed. hvrsslgen: Certificate subject: 'HVR Certificate for Cloud' hvrsslgen: Certificate contains 2048 bit RSA Public Key. hvrsslgen: Certificate valid from Jun 29 08:51:54 2022 GMT hvrsslgen: Certificate valid until Jun 24 08:51:55 2042 GMT hvrsslgen: Public Certificate written to 'MyCertificate.pub_cert'. hvrsslgen: Private key written to 'MyCertificate.priv_key'. hvrsslgen: Private key password: uSMxU9gcSZr/wEFk+OyJQk7LGEK5hyPGBOZcsfsO hvrsslgen: Finished. (elapsed=0.06s)