Versions Compared

Old Version 8

changes.mady.by.user Gill Houghton

Saved on

compared with

New Version 9

changes.mady.by.user Gill Houghton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Generate a private key file (engineCA.key) for MQTT Engine CA using the command below. You will be required to enter a pass phrase to be associated with the engineCA.key file. 

    Code Block
    languagetext
    openssl genrsa -des3 -out ca/engine/engineCA.key 2048


  2. Generate a Certificate Signing Request (CSR) for the MQTT Engine CA using the command below. This command generates a new CSR named "engineCA.csr’ using the RSA private key "engineCA.key" and you will be required to enter the pass phrase created in the previous step.

    Code Block
    languagetext
    openssl req -new -key ca/engine/engineCA.key -out ca/engine/engineCA.csr


    Note

    There are a number of fields associated with the creation of the certificate. The required fields are:

    Country Name (2 letter code) []:

    State or Province Name (full name) []:

    Locality Name (eg, city) []:

    Organization Name (eg, company) []:

    Organizational Unit Name (eg, section) []: We set this as MQTT Engine CA

    Common Name (eg, fully qualified host name) []: We set this as the FQDN of the Chariot server

    Email Address []:


    Extra attributes to be sent with the certificate request are:

    A challenge password []:


  3. Sign the MQTT Engine CA with the Root CA using the command below. This command will sign the CSR "engineCA.csr" with the Root CA certificate ‘ca.crt’ and RSA private key ‘ca.key’, creating a new X.509 certificate named ‘engineCA.crt’ valid for 3650 days (10 years). An "engineCA.srl" file will also be created containing the signed certificate's unique serial number. You will be required to enter the pass phrase associated with the private key file "ca.key".

    Code Block
    languagetext
    openssl x509 -req -in ca/engine/engineCA.csr -CA ca/ca.crt -CAkey ca/ca.key -CAcreateserial -out ca/engine/engineCA.crt -days 3650


Generate MQTT Transmision Client CA certificate signed with the Root CA

  1. Generate a private key file (transmissionCA.key) for MQTT Transmission CA using the command below. You will be required to enter a pass phrase to be associated with the transmissionCA.key file. 

    Code Block
    languagetext
    openssl genrsa -des3 -out ca/transmission/transmissionCA.key 2048


  2. Generate a Certificate Signing Request (CSR) for the MQTT Transmission CA using the command below. This command generates a new CSR named "transmissionCA.csr’ using the RSA private key "transmissionCA.key" and you will be required to enter the pass phrase created in the previous step.

    Code Block
    languagetext
    openssl req -new -key ca/transmission/transmissionCA.key -out ca/transmission/transmissionCA.csr


    Note

    There are a number of fields associated with the creation of the certificate. The required fields are:

    Country Name (2 letter code) []:

    State or Province Name (full name) []:

    Locality Name (eg, city) []:

    Organization Name (eg, company) []:

    Organizational Unit Name (eg, section) []: We set this as MQTT Transmission CA

    Common Name (eg, fully qualified host name) []: We set this as the FQDN of the Chariot server

    Email Address []:


    Extra attributes to be sent with the certificate request are:

    A challenge password []:



  3. Sign the MQTT Transmission CA with the Root CA using the command below. This command will sign the CSR "transmissionCA.csr" with the Root CA certificate ‘ca.crt’ and RSA private key ‘ca.key’, creating a new X.509 certificate named ‘transmissionCA.crt’ valid for 3650 days (10 years). An "transmissionCA.srl" file will also be created containing the signed certificate's unique serial number. You will be required to enter the pass phrase associated with the private key file "ca.key".

    Code Block
    languagetext
    openssl x509 -req -in ca/transmission/transmissionCA.csr -CA ca/ca.crt -CAkey ca/ca.key -CAcreateserial -out ca/transmission/transmissionCA.crt -days 3650


You should now see the following files created:├──

├── ca/

│   ├── ca.crt

│   ├── ca.key

│   ├── ca.srl

│   ├── engine/

│   │   ├── engineCA.crt

│   │   ├── engineCA.csr

│   │   ├── engineCA.key

│   │   └── engineCA.srl

│   ├── server/

│   │   ├── serverCA.crt

│   │   ├── serverCA.csr

│   │   ├── serverCA.key

│   │   └── serverCA.srl

│   └── transmission/

│       ├── transmissionCA.crt

│       ├── transmissionCA.csr

│       ├── transmissionCA.key

│       └── transmissionCA.srl



   






























You should now have the following files:

...