Use the OpenSSL command to generate self-signed certificates and keys for JEDI One's MQTT TLS:
1. Create a root key (this is an intermediary file not used in JEDI):
openssl genrsa -out root.key 2048
2. Create a root certificate request (this is an intermediary file not used in JEDI):
openssl req -new -key root.key -out root.csr
3. Create a root certificate:
openssl x509 -req -days 365 -sha256 -extensions v3_ca -signkey root.key -in root.csr -out root.crt
4. Create a server key:
openssl genrsa -out server.key 2048
5. Create a server certificate request (this is an intermediary file not used in JEDI):
openssl req -new -key server.key -out server.csr
6. Create a server certificate:
openssl x509 -req -days 365 -sha256 -extensions v3_req -CA root.crt -CAkey root.key -CAcreateserial -in server.csr -out server.crt
7. Configure the MQTT data collector using the files created above as follows:
Server certificate: server.crt
Server Key: server.key
Root Certificate: root.crt
For MQTT clients (IoT devices, MQTT client software, etc.), generate the needed certificate and keys:
1. Create a client key:
openssl genrsa -out client.key 2048
2. Create a client certificate request (this is an intermediary file):
openssl req -new -key client.key -out client.csr
3. Create a client certificate:
openssl x509 -req -days 365 -sha256 -extensions v3_req -CA root.crt -CAkey root.key -CAcreateserial -in client.csr -out client.crt
4. Copy the following to the device or client software:
Server Certificate: server.crt (from the previous section)
Client certificate: client.crt
Client Key: client.key
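
To check the generated files before loading them into the collector or onto a device, the following added example (not part of the original page or of JEDI One's tooling) verifies that each certificate chains to root.crt, matches its private key, is not signed with SHA-1 or MD5, and is not within 30 days of expiry. The function names, the -subj names and the temporary directory are assumptions made for the demo, which signs its throwaway certificates with SHA-256.

```shell
#!/bin/sh
# Added example, not from the original page. Subject names are constructed.

# make_pki DIR: the page's steps run non-interactively (-subj answers the
# prompts), building a throwaway root, server and client set in DIR.
make_pki() (
    cd "$1" || exit 1
    openssl genrsa -out root.key 2048 2>/dev/null
    openssl req -new -key root.key -subj "/CN=Example Test Root" -out root.csr
    openssl x509 -req -days 365 -sha256 -signkey root.key \
        -in root.csr -out root.crt 2>/dev/null
    for n in server client; do
        openssl genrsa -out "$n.key" 2048 2>/dev/null
        openssl req -new -key "$n.key" -subj "/CN=$n.example.test" -out "$n.csr"
        openssl x509 -req -days 365 -sha256 -CA root.crt -CAkey root.key \
            -CAcreateserial -in "$n.csr" -out "$n.crt" 2>/dev/null
    done
)

# cert_matches_key CERT KEY: true when CERT carries KEY's public half.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# sig_alg CERT: print the certificate's signature algorithm.
sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# check_leaf ROOT CERT KEY: chain, key match, digest strength, 30-day expiry.
check_leaf() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 ||
        { echo "$2: not signed by $1"; return 1; }
    cert_matches_key "$2" "$3" || { echo "$2: does not match $3"; return 1; }
    case $(sig_alg "$2") in
        sha1*|md5*) echo "$2: weak signature digest"; return 1 ;;
    esac
    openssl x509 -in "$2" -noout -checkend 2592000 >/dev/null ||
        { echo "$2: expires within 30 days"; return 1; }
    echo "$2: ok"
}

# Demo on a temporary directory, removed afterwards.
d=$(mktemp -d) && make_pki "$d" &&
    check_leaf "$d/root.crt" "$d/server.crt" "$d/server.key" &&
    check_leaf "$d/root.crt" "$d/client.crt" "$d/client.key"
rm -rf "$d"
```

To check real files, call check_leaf with the paths to root.crt, the certificate and its key instead of running the demo lines at the end.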