Openssl Certificate Creation
An SSL certificate is an important way to secure user information and protect against hackers.
Openssl Installation (In ubuntu)
To install openssl -
sudo apt install openssl
Certificates Creation
The following commands are used to generate certificates:
To generate CA key:
openssl ecparam -name prime256v1 -genkey -noout -out CA.key
To generate CA certificate:
openssl req -new -x509 -days 1826 -key CA.key -out CA.crt
To generate Client key:
openssl ecparam -name prime256v1 -genkey -noout -out device.key
To generate Client certificate (ex:
device.crt
anddevice.key
) using CA certficate:openssl req -new -out device.csr -key device.key
openssl x509 -req -in device.csr -CA CA.crt -CAkey CA.key -CAcreateserial -out device.crt -days 360
Repeat step 3 and 4 to create an additional set of certificate to use in MQTT explorer (ex:
explorer.crt
andexplorer.key
). (Create with different name for Identification)