Versions Compared

Old Version 20

changes.mady.by.user Gill Houghton

Saved on

compared with

New Version 21

changes.mady.by.user Gill Houghton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Anchor
GenerateCACertificateChain
GenerateCACertificateChain
Generate CA Certificate Chain

...

  1. Generate private key (engine.key) for MQTT Engine using the command below.

    Code Block
    languagetext
    openssl genrsa -out certs/engine/engine.key 2048


  2. Generate a Certificate Signing Request (CSR) for MQTT Engine using the command below. This command generates a new CSR named "engine.csr’ using the RSA private key "engine.key".

    Code Block
    languagetext
    openssl req -new -key certs/engine/engine.key -out certs/engine/engine.csr


    Note

    There are a number of fields associated with the creation of the certificate. The required fields are:

    Country Name (2 letter code) []:

    State or Province Name (full name) []:

    Locality Name (eg, city) []:

    Organization Name (eg, company) []:

    Organizational Unit Name (eg, section) []: We set this as MQTT Engine

    Common Name (eg, fully qualified host name) []: We set this as the FQDN of the Chariot server

    Email Address []:


    Extra attributes to be sent with the certificate request are:

    A challenge password []:


  3. Sign the MQTT Engine Client CSR with the Engine CA using the command below. This command will sign the CSR "engine.csr" with the Engine CA certificate ‘engineCA.crt’ and RSA private key ‘engineCA.key’, creating a new X.509 certificate named ‘engineCA.crt’ valid for 3650 days (10 years). You will be required to enter the pass phrase associated with the private key file "engineCA.key".

    Code Block
    languagetext
    openssl x509 -req -in certs/engine/engine.csr -CA ca/engine/engineCA.crt -CAkey ca/engine/engineCA.key -CAcreateserial -out certs/engine/engine.crt -days 365


Anchor
GenerateMQTTTransmissionClientCertificate
GenerateMQTTTransmissionClientCertificate
Generate MQTT Transmission Client certificate signed with the Transmission CA’s private key

  1. Generate private key (transmission.key) for MQTT Transmission using the command below.

    Code Block
    languagetext
    openssl genrsa -out certs/transmission/transmission.key 2048


  2. Generate a Certificate Signing Request (CSR) for MQTT Transmission using the command below. This command generates a new CSR named "transmission.csr’ using the RSA private key "transmission.key".

    Code Block
    languagetext
    openssl req -new -key certs/transmission/transmission.key -out certs/transmission/transmission.csr


    Note

    There are a number of fields associated with the creation of the certificate. The required fields are:

    Country Name (2 letter code) []:

    State or Province Name (full name) []:

    Locality Name (eg, city) []:

    Organization Name (eg, company) []:

    Organizational Unit Name (eg, section) []: We set this as MQTT Transmission

    Common Name (eg, fully qualified host name) []: We set this as the FQDN of the Chariot server

    Email Address []:


    Extra attributes to be sent with the certificate request are:

    A challenge password []:


  3. Sign the MQTT Transmission Client CSR with the Transmission CA using the command below. This command will sign the CSR "transmission.csr" with the Transmission CA certificate ‘transmissionCA.crt’ and RSA private key ‘transmissionCA.key’, creating a new X.509 certificate named ‘transmissionCA.crt’ valid for 3650 days (10 years). You will be required to enter the pass phrase associated with the private key file "transmissionCA.key".

    Code Block
    languagetext
    openssl x509 -req -in certs/transmission/transmission.csr -CA ca/transmission/transmissionCA.crt -CAkey ca/transmission/transmissionCA.key -CAcreateserial -out certs/transmission/transmission.crt -days 365


We have now generated all the certificates and keys needed to setup SSL connections between Chariot and the MQTT Engine and MQTT Transmission modules:

...