Contents
Cirrus Link Resources
Chariot MQTT Server v1 (previous version)
Cirrus Link Modules for Ignition
Contact Us (Sales/Support)
Forum
Page History
...
Generate a private key file (ca.key) for the Root CA using the command below. You will be required to enter a pass phrase to be associated with the ca.key file.
Tip Make note of this pass phrase for the Root CA private key file (ca.key) as it will be used multiple times whilst creating the certificate hierarchy.
Code Block language text openssl genrsa -des3 -out ca/ca.key 2048
Generate a self-signed certificate (ca.crt) for the Root CA using the command below. This command generates a new self-signed X.509 certificate named "ca.crt" valid for 3650 days (10 years) using the RSA private key "ca.key". A "ca.srl" file will also be created containing the signed certificate's unique serial number. You will be required to enter the pass phrase associated with the private key file "ca.key".
Code Block language text openssl req -new -x509 -key ca/ca.key -days 3650 -out ca/ca.crt
Note There are a number of fields associated with the creation of the certificate. The required fields are:
Country Name (2 letter code) []: Your country code
State or Province Name (full name) []: Your state
Locality Name (eg, city) []: Your city
Organization Name (eg, company) []: Your organization name
Organizational Unit Name (eg, section) []: CA
Common Name (eg, fully qualified host name) [] This MUST be the Fully Qualified Domain Name (FQDN) of the Chariot server
Email Address []: Your email address
Fill them out with your relevant details where the Common Name must be the Fully Qualified Domain Name (FQDN) of the Chariot server.
Anchor GenerateServerCACertificate GenerateServerCACertificate
Generate Server CA certificate signed with Anchor GenerateServerCACertificate GenerateServerCACertificate Generate Server CA certificate signed with the Root CA
| GenerateServerCACertificate | |
| GenerateServerCACertificate |
Generate a private key file (serverCA.key) for the Server CA using the command below. You will be required to enter a pass phrase to be associated with the serverCA.key file.
Tip Make note of this pass phrase for the Server CA private key file (serverCA.key) as it will be used again whilst creating the certificate hierarchy.
Code Block language text openssl genrsa -des3 -out ca/server/serverCA.key 2048
Generate a Certificate Signing Request (CSR) for the server CA using the command below. This command generates a new CSR named "serverCA.csr’ using the RSA private key "serverCA.key" and you will be required to enter the pass phrase for the serverCA.key file created in the previous step.
Code Block language text openssl req -new -key ca/server/serverCA.key -out ca/server/serverCA.csr
Note There are a number of fields associated with the creation of the certificate. Fill them out with your relevant details where theCommon Name must be the Fully Qualified Domain Name (FQDN) of the Chariot server.
Sign the Server CA with the Root CA using the command below. This command will sign the CSR "serverCA.csr" with the Root CA certificate ‘ca.crt’ and RSA private key ‘ca.key’, creating a new X.509 certificate named ‘serverCA.crt’ valid for 3650 days (10 years). You will be required to enter the pass phrase associated with the Root CA private key file "ca.key".
Code Block language text openssl x509 -req -in ca/server/serverCA.csr -CA ca/ca.crt -CAkey ca/ca.key -CAcreateserial -out ca/server/serverCA.crt -days 3650
...
Generate a private key file (engineCA.key) for MQTT Engine CA using the command below. You will be required to enter a pass phrase to be associated with the engineCA.key file.
Tip Make note of this pass phrase for the MQTT Engine CA private key file (engineCA.key) as it will be used again whilst creating the certificate hierarchy.
Code Block language text openssl genrsa -des3 -out ca/engine/engineCA.key 2048
Generate a Certificate Signing Request (CSR) for the MQTT Engine CA using the command below. This command generates a new CSR named "engineCA.csr’ using the RSA private key "engineCA.key" and you will be required to enter the pass phrase for the engineCA.key file created in the previous step.
Code Block language text openssl req -new -key ca/engine/engineCA.key -out ca/engine/engineCA.csr
Note There are a number of fields associated with the creation of the certificate. The required fields are:
Country Name (2 letter code) []: Your county code
State or Province Name (full name) []: Your state
Locality Name (eg, city) []: Your city
Organization Name (eg, company) []: Your company name
Organizational Unit Name (eg, section) []: MQTT Engine CA
Common Name (eg, fully qualified host name) []: This MUST be the Fully Qualified Domain Name (FQDN) of the Chariot server
Email Address []:
Extra attributes to be sent with the certificate request are:
A challenge password []: Any alpha-numeric phrase
Fill them out with your relevant details where the Common Name must be the Fully Qualified Domain Name (FQDN) of the Chariot server.
Sign the MQTT Engine CA with the Root CA using the command below. This Sign the MQTT Engine CA with the Root CA using the command below. This command will sign the CSR "engineCA.csr" with the Root CA certificate ‘ca.crt’ and RSA private key ‘ca.key’, creating a new X.509 certificate named ‘engineCA.crt’ valid for 3650 days (10 years). You will be required to enter the pass phrase associated with the Root CA private key file "ca.key".
Code Block language text openssl x509 -req -in ca/engine/engineCA.csr -CA ca/ca.crt -CAkey ca/ca.key -CAcreateserial -out ca/engine/engineCA.crt -days 3650
...
Generate a private key file (transmissionCA.key) for MQTT Transmission CA using the command below. You will be required to enter a pass phrase to be associated with the transmissionCA.key file.
Tip Make note of this pass phrase for the MQTT Transmission CA private key file (transmissionCA.key) as it will be used again whilst creating the certificate hierarchy.
Code Block language text openssl genrsa -des3 -out ca/transmission/transmissionCA.key 2048
Generate a Certificate Signing Request (CSR) for the MQTT Transmission CA using the command below. This command generates a new CSR named "transmissionCA.csr’ using the RSA private key "transmissionCA.key" and you will be required to enter the pass phrase for the transmissionCA.key file created in the previous step.
Code Block language text openssl req -new -key ca/transmission/transmissionCA.key -out ca/transmission/transmissionCA.csrprevious step.
Code Block language text openssl req -new -key ca/transmission/transmissionCA.key -out ca/transmission/transmissionCA.csrNote There are a number of fields associated with the creation of the certificate. Fill them out with your relevant details where the Common Name must be
Note There are a number of fields associated with the creation of the certificate. The required fields are:
Country Name (2 letter code) []: Your country code
State or Province Name (full name) []: Your state
Locality Name (eg, city) []: Your city
Organization Name (eg, company) []: Your company name
Organizational Unit Name (eg, section) []: MQTT Transmission CA
Common Name (eg, fully qualified host name) []: This MUST be the Fully Qualified Domain Name (FQDN) of the Chariot server
Email Address []: Your email address
Extra attributes to be sent with the certificate request are:
A challenge password []: Any alpha-numeric phrasethe Chariot server.
Sign the MQTT Transmission CA with the Root CA using the command below. This command will sign the CSR "transmissionCA.csr" with the Root CA certificate ‘ca.crt’ and RSA private key ‘ca.key’, creating a new X.509 certificate named ‘transmissionCA.crt’ valid for 3650 days (10 years). You will be required to enter the pass phrase associated with the Root CA private key file "ca.key".
Code Block language text openssl x509 -req -in ca/transmission/transmissionCA.csr -CA ca/ca.crt -CAkey ca/ca.key -CAcreateserial -out ca/transmission/transmissionCA.crt -days 3650
...
Generate private key in PKCS8 format (server.key) for the Chariot server using the command below.
Code Block language text openssl genrsa -out certs/server/server.key 2048
******* Convert from PKCS8 format to PCKS1 until Chariot supports PKCS8 format CS-612 *********
Code Block language text openssl rsa -in certs/server/server.key -traditional -out certs/server/server.key
Generate a Certificate Signing Request (CSR) for the Chariot server using the command below. This command generates a new CSR named "server.csr’ using the RSA private key "server.key".
Code Block language text openssl req -new -key certs/server/server.key -out certs/server/server.csr
Note There are a number of fields associated with the creation of the certificate. The required fields are:
Country Name (2 letter code) []: Your county code
State or Province Name (full name) []: Your state
Locality Name (eg, city) []: Your city
Organization Name (eg, company) []: Your company name
Organizational Unit Name (eg, section) []: Chariot
Common Name (eg, fully qualified host name) []: This MUST be the Fully Qualified Domain Name (FQDN) of the Chariot server
Email Address []: Your email address
Extra attributes to be sent with the certificate request are:
A challenge password []: Any alpha-numeric phraseFill them out with your relevant details where the Common Name must be the Fully Qualified Domain Name (FQDN) of the Chariot server.
Sign the Server CSR with the Server CA using the command below. This command will sign the CSR "server.csr" with the Server CA certificate ‘serverCA.crt’ and RSA private key ‘serverCA.key’, creating a new X.509 certificate named ‘serverCA.crt’ valid for 3650 days (10 years). A "serverCA.srl" file will also be created containing the signed certificate's unique serial number. You will be required to enter the pass phrase associated with the private key file "serverCA.key".
Code Block language text openssl x509 -req -in certs/server/server.csr -CA ca/server/serverCA.crt -CAkey ca/server/serverCA.key -CAcreateserial -out certs/server/server.crt -days 365
...
Generate private key in PSCK8 format (engine.key) for MQTT Engine using the command below.
Code Block language text openssl genrsa -out certs/engine/engine.key 2048
Generate a Certificate Signing Request (CSR) for MQTT Engine using the command below. This command generates a new CSR named "engine.csr’ using the RSA private key "engine.key".
Code Block language text openssl req -new -key certs/engine/engine.key -out certs/engine/engine.csr
Note There are a number of fields associated with the creation of the certificate. The required fields are:
Country Name (2 letter code) []: Your country code
State or Province Name (full name) []: Your state
Locality Name (eg, city) []: Your city
Organization Name (eg, company) []: Your company name
Organizational Unit Name (eg, section) []: MQTT Engine
Common Name (eg, fully qualified host name) []: This MUST be the Fully Qualified Domain Name (FQDN) of the Chariot server
Email Address []: Your email address
Extra attributes to be sent with the certificate request are:
A challenge password []: Any alpha-numeric phraseFill them out with your relevant details where the Common Name must be the Fully Qualified Domain Name (FQDN) of the Chariot server.
Sign the MQTT Engine Client CSR with the Engine CA using the command below. This command will sign the CSR "engine.csr" with the Engine CA certificate ‘engineCA.crt’ and RSA private key ‘engineCA.key’, creating a new X.509 certificate named ‘engineCA.crt’ valid for 3650 days (10 years). An "engineCA.srl" file will also be created containing the signed certificate's unique serial number. You will be required to enter the pass phrase associated with the private key file "engineCA.key".
Code Block language text openssl x509 -req -in certs/engine/engine.csr -CA ca/engine/engineCA.crt -CAkey ca/engine/engineCA.key -CAcreateserial -out certs/engine/engine.crt -days 365
...
Generate private key in PKCS8 format (transmission.key) for MQTT Transmission using the command below.
Code Block language text openssl genrsa -out certs/transmission/transmission.key 2048
Generate a Certificate Signing Request (CSR) for MQTT Transmission using the command below. This command generates a new CSR named "transmission.csr’ using the RSA private key "transmission.key".
Code Block language text openssl req -new -key certs/transmission/transmission.key -out certs/transmission/transmission.csr
Note There are a number of fields associated with the creation of the certificate. The required fields are:
Country Name (2 letter code) []: Your country code
State or Province Name (full name) []: Your state
Locality Name (eg, city) []: Your city
Organization Name (eg, company) []: Your company name
Organizational Unit Name (eg, section) []: MQTT Transmission
Common Name (eg, fully qualified host name) []: This MUST be Fill them out with your relevant details where the Common Name must be the Fully Qualified Domain Name (FQDN) of the Chariot server
Email Address []: Your email address
Extra attributes to be sent with the certificate request are:
A challenge password []: Any alpha-numeric phrase.
Sign the MQTT Transmission Client CSR with the Transmission CA using the command below. This command will sign the CSR "transmission.csr" with the Transmission CA certificate ‘transmissionCA.crt’ and RSA private key ‘transmissionCA.key’, creating a new X.509 certificate named ‘transmissionCA.crt’ valid for 3650 days (10 years). An "transmissionCA.srl" file will also be created containing the signed certificate's unique serial number. You will be required to enter the pass phrase associated with the private key file "transmissionCA.key".
Code Block language text openssl x509 -req -in certs/transmission/transmission.csr -CA ca/transmission/transmissionCA.crt -CAkey ca/transmission/transmissionCA.key -CAcreateserial -out certs/transmission/transmission.crt -days 365
...
Overview
Content Tools