# 1 Generate CA private keytest-fassets/ca.key||opensslgenrsa-outassets/ca.key4096# 2 Generate CA certificatetest-fassets/ca.crt||opensslreq-x509-new-nodes-keyassets/ca.key-days3650-outassets/ca.crt-subj \"/C=CN/ST=Shanghai/O=toughradius/CN=ToughradiusCA/emailAddress=master@toughstruct.net"# 3 Generate server private keyopensslgenrsa-outassets/server.key2048# 4 Generate a certificate request fileopensslreq-new-keyassets/server.key-outassets/server.csr-subj \"/C=CN/ST=Shanghai/O=toughradius/CN=*.toughstruct.net/emailAddress=master@toughstruct.net"# 5 Generate a server certificate based on the CA's private key and the above certificate request fileopensslx509-req-inassets/server.csr-CAassets/ca.crt-CAkeyassets/ca.key-CAcreateserial-outassets/server.crt-days7300mvassets/server.keyassets/cwmp.tls.keymvassets/server.crtassets/cwmp.tls.crt
It should be noted that the certificate prefix cwmp.tls is fixed, toughradius program will default to /var/toughradius/private/ directory, if there is no certificate file, it will create a default certificate file, default certificate file, CN=*.toughradius.net, May not work in your environment