Page History

...

Navigate to the ChariotCerts parent folder to run the commands below:

Anchor
GenerateRootCACertificate GenerateRootCACertificate

Generate

...

Root CA certificate

...

1. Generate a private key file (ca.key) for the Root CA using the command below. You will be required to enter a pass phrase to be associated with the ca.key file.

   Tip
   Make note of this pass phrase for the Root CA private key file (ca.key) as it will be used multiple times whilst creating the certificate hierarchy.

   
   

   Code Block
   language text
   openssl genrsa -des3 -out ca/ca.key 2048

   
   

2. Generate a self-signed certificate (ca.crt) for the Root CA using the command below. This command generates a new self-signed X.509 certificate named "ca.crt" valid for 3650 days (10 years) using the RSA private key "ca.key". You will be required to enter the pass phrase associated with the private key file "ca.key". 

   Code Block
   language text
   openssl req -new -x509 -key ca/ca.key -days 3650 -out ca/ca.crt

   
   

   Note
   There are a number of fields associated with the creation of the certificate. Fill them out with your relevant details where the Common Name must be the Fully Qualified Domain Name (FQDN) of the Chariot server.

   
   

Anchor
GenerateServerCACertificate GenerateServerCACertificate

Generate Server CA certificate signed with the Root CA

...

We are now going to repeat this process for the remaining certificates required in the certificate hierarchy.

Anchor
GenerateMQTTEngineClientCACertificate GenerateMQTTEngineClientCACertificate

Generate MQTT Engine Client

...

certificate signed with the Root CA

1. Generate a private key file (engineCA.key) for MQTT Engine CA using the command below. You will be required to enter a pass phrase to be associated with the engineCA.key file.

   Tip
   Make note of this pass phrase for the MQTT Engine CA private key file (engineCA.key) as it will be used again whilst creating the certificate hierarchy.

   
   

   Code Block
   language text
   openssl genrsa -des3 -out ca/engine/engineCA.key 2048

   
   

2. Generate a Certificate Signing Request (CSR) for the MQTT Engine CA using the command below. This command generates a new CSR named "engineCA.csr’ using the RSA private key "engineCA.key" and you will be required to enter the pass phrase for the engineCA.key file created in the previous step.

   Code Block
   language text
   openssl req -new -key ca/engine/engineCA.key -out ca/engine/engineCA.csr

   
   

   Note
   There are a number of fields associated with the creation of the certificate. Fill them out with your relevant details where the Common Name must be the Fully Qualified Domain Name (FQDN) of the Chariot server.

   
   

3. Sign the MQTT Engine CA with the Root CA using the command below. This command will sign the CSR "engineCA.csr" with the Root CA certificate ‘ca.crt’ and RSA private key ‘ca.key’, creating a new X.509 certificate named ‘engineCA.crt’ valid for 3650 days (10 years). You will be required to enter the pass phrase associated with the Root CA private key file "ca.key".

   Code Block
   language text
   openssl x509 -req -in ca/engine/engineCA.csr -CA ca/ca.crt -CAkey ca/ca.key -CAcreateserial -out ca/engine/engineCA.crt -days 3650

   
   

Anchor
GenerateMQTTTransmissionClientCACertificate GenerateMQTTTransmissionClientCACertificate

Generate MQTT Transmission Client

...

certificate signed with the Root CA

1. Generate a private key file (transmissionCA.key) for MQTT Transmission CA using the command below. You will be required to enter a pass phrase to be associated with the transmissionCA.key file. 

   Tip
   Make note of this pass phrase for the MQTT Transmission CA private key file (transmissionCA.key) as it will be used again whilst creating the certificate hierarchy.

   
   

   Code Block
   language text
   openssl genrsa -des3 -out ca/transmission/transmissionCA.key 2048

   
   

2. Generate a Certificate Signing Request (CSR) for the MQTT Transmission CA using the command below. This command generates a new CSR named "transmissionCA.csr’ using the RSA private key "transmissionCA.key" and you will be required to enter the pass phrase for the transmissionCA.key file created in the previous step.

   Code Block
   language text
   openssl req -new -key ca/transmission/transmissionCA.key -out ca/transmission/transmissionCA.csr

   
   

   Note
   There are a number of fields associated with the creation of the certificate. Fill them out with your relevant details where the Common Name must be the Fully Qualified Domain Name (FQDN) of the Chariot server./

   
   

3. Sign the MQTT Transmission CA with the Root CA using the command below. This command will sign the CSR "transmissionCA.csr" with the Root CA certificate ‘ca.crt’ and RSA private key ‘ca.key’, creating a new X.509 certificate named ‘transmissionCA.crt’ valid for 3650 days (10 years). You will be required to enter the pass phrase associated with the Root CA private key file "ca.key".

   Code Block
   language text
   openssl x509 -req -in ca/transmission/transmissionCA.csr -CA ca/ca.crt -CAkey ca/ca.key -CAcreateserial -out ca/transmission/transmissionCA.crt -days 3650

   
   

...

Anchor
GenerateServerCertificate GenerateServerCertificate

Generate Server certificate signed with

...

CA private key

1. Generate private key in PKCS8 format (server.key) for the Chariot server using the command below.

   Code Block
   language text
   openssl genrsa -out certs/server/server.key 2048

   
   

2. Generate a Certificate Signing Request (CSR) for the Chariot server using the command below. This command generates a new CSR named "server.csr’ using the RSA private key "server.key".

   Code Block
   language text
   openssl req -new -key certs/server/server.key -out certs/server/server.csr

   
   

   Note
   There are a number of fields associated with the creation of the certificate. Fill them out with your relevant details where the Common Name must be the Fully Qualified Domain Name (FQDN) of the Chariot server.

   
   

3. Sign the Server CSR with the Server CA using the command below. This command will sign the CSR "server.csr" with the Server CA certificate ‘serverCA.crt’ and RSA private key ‘serverCA.key’, creating a new X.509 certificate named ‘serverCA.crt’ valid for 3650 days (10 years). You will be required to enter the pass phrase associated with the private key file "serverCA.key".

   Code Block
   language text
   openssl x509 -req -in certs/server/server.csr -CA ca/server/serverCA.crt -CAkey ca/server/serverCA.key -CAcreateserial -out certs/server/server.crt -days 3650

   
   

Anchor
GenerateMQTTEngineClientCertificate GenerateMQTTEngineClientCertificate

Generate MQTT Engine Client certificate signed with the

...

CA’s private key

1. Generate private key in PSCK8 format (engine.key) for MQTT Engine using the command below.

   Code Block
   language text
   openssl genrsa -out certs/engine/engine.key 2048

   
   

2. Generate a Certificate Signing Request (CSR) for MQTT Engine using the command below. This command generates a new CSR named "engine.csr’ using the RSA private key "engine.key".

   Code Block
   language text
   openssl req -new -key certs/engine/engine.key -out certs/engine/engine.csr

   
   

   Note
   There are a number of fields associated with the creation of the certificate. Fill them out with your relevant details where the Common Name must be the Fully Qualified Domain Name (FQDN) of the Chariot server.

   
   

3. Sign the MQTT Engine Client CSR with the Engine CA using the command below. This command will sign the CSR "engine.csr" with the Engine CA certificate ‘engineCA.crt’ and RSA private key ‘engineCA.key’, creating a new X.509 certificate named ‘engineCA.crt’ valid for 3650 days (10 years). You will be required to enter the pass phrase associated with the private key file "engineCA.key".

   Code Block
   language text
   openssl x509 -req -in certs/engine/engine.csr -CA ca/engine/engineCA.crt -CAkey ca/engine/engineCA.key -CAcreateserial -out certs/engine/engine.crt -days 3650

   
   

Anchor
GenerateMQTTTransmissionClientCertificate GenerateMQTTTransmissionClientCertificate

Generate MQTT Transmission Client certificate signed with the

...

CA’s private key

1. Generate private key in PKCS8 format (transmission.key) for MQTT Transmission using the command below.

   Code Block
   language text
   openssl genrsa -out certs/transmission/transmission.key 2048

   
   

2. Generate a Certificate Signing Request (CSR) for MQTT Transmission using the command below. This command generates a new CSR named "transmission.csr’ using the RSA private key "transmission.key".

   Code Block
   language text
   openssl req -new -key certs/transmission/transmission.key -out certs/transmission/transmission.csr

   
   

   Note
   There are a number of fields associated with the creation of the certificate. Fill them out with your relevant details where the Common Name must be the Fully Qualified Domain Name (FQDN) of the Chariot server.

   
   

3. Sign the MQTT Transmission Client CSR with the Transmission CA using the command below. This command will sign the CSR "transmission.csr" with the Transmission CA certificate ‘transmissionCA.crt’ and RSA private key ‘transmissionCA.key’, creating a new X.509 certificate named ‘transmissionCA.crt’ valid for 3650 days (10 years). You will be required to enter the pass phrase associated with the private key file "transmissionCA.key".

   Code Block
   language text
   openssl x509 -req -in certs/transmission/transmission.csr -CA ca/transmission/transmissionCA.crt -CAkey ca/transmission/transmissionCA.key -CAcreateserial -out certs/transmission/transmission.crt -days 3650

   
   

...