...

  • Generate an RSA key
    • This is the private key, which is used for encryption/decryption of data.  Keep it private and don't share it with anyone, including the CA.  The server (MQTT Distributor), however, will need it to encrypt/decrypt data.
  • Create a Certificate Signing Request (CSR)
    • Generally, the CA can provide instructions on how to generate a CSR.  Windows, Linux, and OSX all have tools available for generating a CSR, and there is plenty of documentation online about all of them.
  • Give the CSR to the CA
  • The CA will then provide back a public certificate for use with MQTT Distributor
  • In some cases, depending on the CA, an intermediate certificate may also be required.  If so, the CA will also provide this.

For creating the Java keystore in later steps, these files need to be in Base-64 encoded PEM format.  If the certificate issued by the CA was not in this form, it must be converted to it.  OpenSSL is one free tool that can do this.
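The steps above (key, CSR, conversion to PEM) sketched with the OpenSSL command line, plus a check that the returned certificate really belongs to the private key before both are imported into the keystore. This is an added example, not taken from the original page or from the MQTT Distributor documentation; the file names, the function names and the common name mqtt.example.com are placeholders, and the self-signed DER certificate in `demo` only stands in for a CA's reply.

```shell
#!/bin/sh
# Added example: file names, function names and the common name are placeholders.
set -e

# Steps 1-2: RSA private key (readable by its owner only) and a CSR for it.
make_key_and_csr() {  # usage: make_key_and_csr <dir> <common-name>
    ( umask 077 && openssl genrsa -out "$1/server.key" 2048 2>/dev/null )
    openssl req -new -key "$1/server.key" -subj "/CN=$2" -out "$1/server.csr"
}

# Print PEM or DER depending on how the certificate file is encoded.
cert_format() {  # usage: cert_format <cert-file>
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then
        echo PEM
    elif openssl x509 -inform DER -in "$1" -noout 2>/dev/null; then
        echo DER
    else
        echo UNKNOWN; return 1
    fi
}

# Write a Base-64 PEM copy of a certificate, converting from DER if needed.
to_pem() {  # usage: to_pem <in-cert> <out-pem>
    case "$(cert_format "$1")" in
        PEM) openssl x509 -in "$1" -out "$2" ;;
        DER) openssl x509 -inform DER -in "$1" -out "$2" ;;
        *)   echo "unrecognised certificate encoding: $1" >&2; return 1 ;;
    esac
}

# Succeed only if the certificate carries the public half of this private key.
key_matches_cert() {  # usage: key_matches_cert <key> <pem-cert>
    k=$(openssl pkey -in "$1" -pubout | openssl sha256)
    c=$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)
    [ "$k" = "$c" ]
}

# Demo on constructed input: a self-signed DER certificate stands in for the CA's reply.
demo() {
    d=$(mktemp -d)
    make_key_and_csr "$d" mqtt.example.com
    openssl x509 -req -in "$d/server.csr" -signkey "$d/server.key" -days 1 \
        -outform DER -out "$d/server.der" 2>/dev/null
    to_pem "$d/server.der" "$d/server.pem"
    key_matches_cert "$d/server.key" "$d/server.pem" && echo "key and certificate match"
    rm -rf "$d"
}
demo
```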

 

Creating a Self-Signed Certificate:

...

At this point, we need to pull the required components into the keystore.  We'll start with the public/private keypair.  This is the public certificate and the private key that we originally generated.  Click the 'Import Key Pair' icon from the Keystore Explorer menu.  It is the icon with two keys and a blue downward arrow:

Since the certificate we're using is in Base-64 encoded PEM format, we select OpenSSL as the type and click OK:

Now we can browse to our key and certificate files as shown below and click import:

Now you will be asked to specify the alias.  You can leave this as the default.  It will reflect the Common Name that was specified during the CSR generation and the CA:

You will now be asked to specify a password for the keypair.  At this point MQTT Distributor does not support passwords on individual keypairs.  It does support passwords on the overall keystore.  We'll add this in later.  So, for now, leave the two password fields blank and click OK.

If your CA also requires an intermediate certificate, you must also import that as a trusted certificate.  That is done by clicking the red certificate icon shown below.  If you are using a self-signed certificate, you also need to complete this step using your own CA's public certificate:

Select your trusted certificate as shown below and click OK:

You will be asked to verify the public certificate's details.  They will look similar to the following depending on the CA.  Double check the information and select OK:

You should now see something similar to the following:

At this point, you can save your keystore and specify a keystore password.