How to Generate TLS Certificates and Keys

 

Use the OpenSSL command to generate self-signed certificates and keys for JEDI One's MQTT TLS:

 

1. Create a root key (this is an intermediary file not used in JEDI):

openssl genrsa -out root.key 2048

 

2. Create a root certificate request (this is an intermediary file not used in JEDI):

openssl req -new -key root.key -out root.csr

 

3. Create a root certificate:

openssl x509 -req -days 365 -sha256 -extensions v3_ca -signkey root.key -in root.csr -out root.crt

 

4. Create a server key:

openssl genrsa -out server.key 2048

 

5. Create a server certificate request (this is an intermediary file not used in JEDI):

openssl req -new -key server.key -out server.csr

 

6. Create a server certificate:

openssl x509 -req -days 365 -sha256 -extensions v3_req -CA root.crt -CAkey root.key -CAcreateserial -in server.csr -out server.crt

 

7. Configure the MQTT data collector using the files created above as follows:

Server Certificate: server.crt

Server Key: server.key

Root Certificate: root.crt

 

For MQTT clients (IoT devices, MQTT client software, etc.), generate the needed certificate and keys:

 

1. Create a client key:

openssl genrsa -out client.key 2048

 

2. Create a client certificate request (this is an intermediary file):

openssl req -new -key client.key -out client.csr

 

3. Create a client certificate:

openssl x509 -req -days 365 -sha256 -extensions v3_req -CA root.crt -CAkey root.key -CAcreateserial -in client.csr -out client.crt

 

4. Copy the following to the device or client software:

Server Certificate: server.crt (from the previous section above)

Client Certificate: client.crt

Client Key: client.key
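
Before copying the files to the collector and the devices, the checks below confirm that each certificate chains to root.crt, that each key matches its certificate, and that the signature hash and expiry are acceptable. This is an added example, not part of the original article or of JEDI One's tooling. The function names, the temporary directory and the -subj values are assumptions, and the sample files are constructed by the script itself.

```shell
#!/bin/sh
# Added example: pre-deployment checks for the files produced by the steps above.

# SHA-256 of the public key inside a certificate (KIND=x509) or a private key (KIND=pkey).
pubkey_digest() {  # pubkey_digest FILE KIND
    if [ "$2" = x509 ]; then openssl x509 -in "$1" -noout -pubkey
    else openssl pkey -in "$1" -pubout; fi | openssl dgst -sha256
}

# check_pair DIR NAME: NAME is "server" or "client"; DIR also holds root.crt.
# Returns 0 if usable, otherwise 1 (chain), 2 (key mismatch), 3 (SHA-1), 4 (expiry).
check_pair() {
    dir=$1 name=$2
    openssl verify -CAfile "$dir/root.crt" "$dir/$name.crt" >/dev/null 2>&1 \
        || { echo "$name: does not chain to root.crt"; return 1; }
    [ "$(pubkey_digest "$dir/$name.crt" x509)" = "$(pubkey_digest "$dir/$name.key" pkey)" ] \
        || { echo "$name: $name.key does not match $name.crt"; return 2; }
    # SHA-1 signatures are rejected by many current TLS stacks.
    if openssl x509 -in "$dir/$name.crt" -noout -text | grep -q 'Signature Algorithm: sha1'; then
        echo "$name: signed with SHA-1"; return 3
    fi
    openssl x509 -in "$dir/$name.crt" -noout -checkend 2592000 >/dev/null \
        || { echo "$name: expires within 30 days"; return 4; }
    echo "$name: ok"
}

# make_demo DIR: constructed sample files so the checks can run offline.
# Assumptions: the -subj values are made up, and each certificate's CN differs
# from the root's (identical subjects can make a certificate look self-signed
# and fail verification). The root gets an -extfile marking it CA:TRUE, which
# the steps above do not use.
make_demo() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    openssl genrsa -out "$d/root.key" 2048 2>/dev/null
    openssl req -new -key "$d/root.key" -subj "/CN=Example Root" -out "$d/root.csr"
    openssl x509 -req -days 365 -sha256 -extfile "$d/ca.ext" -signkey "$d/root.key" \
        -in "$d/root.csr" -out "$d/root.crt" 2>/dev/null
    for n in server client; do
        openssl genrsa -out "$d/$n.key" 2048 2>/dev/null
        openssl req -new -key "$d/$n.key" -subj "/CN=$n.example.test" -out "$d/$n.csr"
        openssl x509 -req -days 365 -sha256 -CA "$d/root.crt" -CAkey "$d/root.key" \
            -CAcreateserial -in "$d/$n.csr" -out "$d/$n.crt" 2>/dev/null
    done
}

demo=$(mktemp -d) && make_demo "$demo"
check_pair "$demo" server; check_pair "$demo" client
rm -rf "$demo"
```

To check real files, call check_pair with the directory that holds root.crt and the server or client files, for example `check_pair . server`.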

 

 
