Generating a Self-Signed Certificate File (.pem)

Admin Guide > Configuration > Managing ICE Gateway > Running an ICE Telephony Gateway using Non-TLS/SRTP > Enabling TLS/SRTP > Generating a Self-Signed Certificate File (.pem)

Either a 3rd party certificate generated by a certificate authority, or a self-signed certificate, is required to establish a TLS connection between CUCM and the ICE Telephony Gateway. In the following example a self-signed certificate is generated using the OpenSSL command line tool.

To generate a self-signed .pem file

1. Open the OpenSSL command line tool.

2. Enter the following command:

openssl req -x509 -newkey rsa:4096 -keyout icegwkey.pem -out icegw.pem -days 365 -nodes

3. From the resulting output, enter the required certificate information, see the example below.
A blue screen with white text Description automatically generated

A blue screen with white text Description automatically generated

Country Name

State or Province Name

Locality Name

Organization Name

Common Name: Enter the IP address of the ICE Telephony Gateway. That will be the destination address for the SIP Trunk created later in this process.

Email Address

4. Enter the following command:

openssl

Two PEM files are generated:

icegwkey.pem

icegw.pem

5. Proceed to the next procedure (Uploading the Certificate File to CUCM).