Contents
Cirrus Link Resources
Chariot MQTT Server v1 (previous version)
Cirrus Link Modules for Ignition
Contact Us (Sales/Support)
Forum
...
Generate a private key file (ca.key) for the Root CA using the command below. You will be required to enter a pass phrase to be associated with the ca.key file.
Tip |
---|
Make note of this pass phrase for the Root CA private key file (ca.key) as it will be used multiple times whilst creating the certificate hierarchy. |
Code Block | ||
---|---|---|
| ||
openssl genrsa -des3 -out ca/ca.key 2048 |
Generate a self-signed certificate (ca.crt) for the Root CA using the command below. This command generates a new self-signed X.509 certificate named "ca.crt" valid for 3650 days (10 years) using the RSA private key "ca.key". A "ca.srl" file will also be created containing the signed certificate's unique serial number. You will be required to enter the pass phrase associated with the private key file "ca.key".
Code Block | ||
---|---|---|
| ||
openssl req -new -x509 -key ca/ca.key -days 3650 -out ca/ca.crt |
Note |
---|
There are a number of fields associated with the creation of the certificate. Fill them out with your relevant details where the Common Name must be the Fully Qualified Domain Name (FQDN) of the Chariot server. |
...
Generate a private key file (serverCA.key) for the Server CA using the command below. You will be required to enter a pass phrase to be associated with the serverCA.key file.
Tip |
---|
Make note of this pass phrase for the Server CA private key file (serverCA.key) as it will be used again whilst creating the certificate hierarchy. |
Code Block | ||
---|---|---|
| ||
openssl genrsa -des3 -out ca/server/serverCA.key 2048 |
Generate a Certificate Signing Request (CSR) for the server CA using the command below. This command generates a new CSR named "serverCA.csr’ using the RSA private key "serverCA.key" and you will be required to enter the pass phrase for the serverCA.key file created in the previous step.
Code Block | ||
---|---|---|
| ||
openssl req -new -key ca/server/serverCA.key -out ca/server/serverCA.csr |
Note |
---|
There are a number of fields associated with the creation of the certificate. Fill them out with your relevant details where theCommon Name must be the Fully Qualified Domain Name (FQDN) of the Chariot server. |
Sign the Server CA with the Root CA using the command below. This command will sign the CSR "serverCA.csr" with the Root CA certificate ‘ca.crt’ and RSA private key ‘ca.key’, creating a new X.509 certificate named ‘serverCA.crt’ valid for 3650 days (10 years). A "ca.srl" file will also be created containing the signed certificate's unique serial number. You will be required to enter the pass phrase associated with the Root CA private key file "ca.key".
Code Block | ||
---|---|---|
| ||
openssl x509 -req -in ca/server/serverCA.csr -CA ca/ca.crt -CAkey ca/ca.key -CAcreateserial -out ca/server/serverCA.crt -days 3650 |
...