...
Generate private key in PSCK8 format (engine.key) for MQTT Engine using the command below.
Code Block |
---|
|
openssl genrsa -out certs/engine/engine.key 2048 |
Generate a Certificate Signing Request (CSR) for MQTT Engine using the command below. This command generates a new CSR named "engine.csr’ using the RSA private key "engine.key".
Code Block |
---|
|
openssl req -new -key certs/engine/engine.key -out certs/engine/engine.csr |
Note |
---|
There are a number of fields associated with the creation of the certificate. Fill them out with your relevant details where the Common Name must be the Fully Qualified Domain Name (FQDN) of the Chariot server. |
Sign the MQTT Engine Client CSR with the Engine CA using the command below. This command will sign the CSR "engine.csr" with the Engine CA certificate ‘engineCA.crt’ and RSA private key ‘engineCA.key’, creating a new X.509 certificate named ‘engineCA.crt’ valid for 3650 days (10 years). An "engineCA.srl" file will also be created containing the signed certificate's unique serial number. You will be required to enter the pass phrase associated with the private key file "engineCA.key".
Code Block |
---|
|
openssl x509 -req -in certs/engine/engine.csr -CA ca/engine/engineCA.crt -CAkey ca/engine/engineCA.key -CAcreateserial -out certs/engine/engine.crt -days 3653650 |
Anchor |
---|
| GenerateMQTTTransmissionClientCertificate |
---|
| GenerateMQTTTransmissionClientCertificate |
---|
|
Generate MQTT Transmission Client certificate signed with the Transmission CA’s private key
Generate private key in PKCS8 format (transmission.key) for MQTT Transmission using the command below.
Code Block |
---|
|
openssl genrsa -out certs/transmission/transmission.key 2048 |
Generate a Certificate Signing Request (CSR) for MQTT Transmission using the command below. This command generates a new CSR named "transmission.csr’ using the RSA private key "transmission.key".
Code Block |
---|
|
openssl req -new -key certs/transmission/transmission.key -out certs/transmission/transmission.csr |
Note |
---|
There are a number of fields associated with the creation of the certificate. Fill them out with your relevant details where the Common Name must be the Fully Qualified Domain Name (FQDN) of the Chariot server. |
Sign the MQTT Transmission Client CSR with the Transmission CA using the command below. This command will sign the CSR "transmission.csr" with the Transmission CA certificate ‘transmissionCA.crt’ and RSA private key ‘transmissionCA.key’, creating a new X.509 certificate named ‘transmissionCA.crt’ valid for 3650 days (10 years). An "transmissionCA.srl" file will also be created containing the signed certificate's unique serial number. You will be required to enter the pass phrase associated with the private key file "transmissionCA.key".
Code Block |
---|
|
openssl x509 -req -in certs/transmission/transmission.csr -CA ca/transmission/transmissionCA.crt -CAkey ca/transmission/transmissionCA.key -CAcreateserial -out certs/transmission/transmission.crt -days 3653650 |
We have now generated all the certificates and keys needed to setup SSL connections between Chariot and the MQTT Engine and MQTT Transmission modules:
...