Page History

...

Generate MQTT Engine Client certificate signed with the Engine CA’s private key

1. Generate private key (engine.key) for MQTT Engine using the command below.

   Code Block
   language text
   openssl genrsa -out certs/engine/engine.key 2048

   
   

2. Generate a Certificate Signing Request (CSR) for MQTT Engine using the command below. This command generates a new CSR named "engine.csr’ using the RSA private key "engine.key".

   Code Block
   language text
   openssl req -new -key certs/engine/engine.key -out certs/engine/engine.csr

   
   

   Note

   There are a number of fields associated with the creation of the certificate. The required fields are: Country Name (2 letter code) []: State or Province Name (full name) []: Locality Name (eg, city) []: Organization Name (eg, company) []: Organizational Unit Name (eg, section) []: We set this as MQTT Engine Common Name (eg, fully qualified host name) []: We set this as the FQDN of the Chariot server Email Address []: Extra attributes to be sent with the certificate request are: A challenge password []:

   
   

3. Sign the MQTT Engine Client CSR with the Engine CA using the command below. This command will sign the CSR "engine.csr" with the Engine CA certificate ‘engineCA.crt’ and RSA private key ‘engineCA.key’, creating a new X.509 certificate named ‘engineCA.crt’ valid for 3650 days (10 years). You will be required to enter the pass phrase associated with the private key file "engineCA.key".

   Code Block
   language text
   openssl x509 -req -in certs/engine/engine.csr -CA ca/engine/engineCA.crt -CAkey ca/engine/engineCA.key -CAcreateserial -out certs/engine/engine.crt -days 365

   
   

You should now see the following files created:

You should now have the following files:

...