Although you can purchase X.509 certificates from a trusted certification authority, creating your own test certificate hierarchy or using self-signed certificates is adequate for testing IoT hub device authentication.

The following example uses OpenSSL and the OpenSSL Cookbook to create a certification authority (CA), a subordinate CA, and a device certificate. The example then signs the subordinate CA and the device certificate into a certificate hierarchy. This is presented for example purposes only.

Step 1 - Create the root CA directory structure

Create a directory structure for the certification authority.

- The certs directory stores new certificates.
- The db directory is used for the certificate database.
- The private directory stores the CA private key.

Step 2 - Create a root CA configuration file

Before creating a CA, create a configuration file and save it as nf in the rootca directory.

```
aia_url =
crl_url =
default_ca = ca_default
name_opt = utf8,esc_ctrl,multiline,lname,align
basicConstraints = critical,CA:true,pathlen:0
```

First, generate a private key and the certificate signing request (CSR) in the rootca directory.

```
openssl req -new -config nf -out rootca.csr -keyout private/rootca.key
```

Next, create a self-signed CA certificate. Self-signing is suitable for testing purposes. Specify the ca_ext configuration file extensions on the command line. These indicate that the certificate is for a root CA and can be used to sign certificates and certificate revocation lists (CRLs). Sign the certificate, and commit it to the database.

```
openssl ca -selfsign -config nf -in rootca.csr -out rootca.crt -extensions ca_ext
```

Step 4 - Create the subordinate CA directory structure

Create a directory structure for the subordinate CA at the same level as the rootca directory.
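The directory layout from Step 1 and Step 4, as an added example that is not part of the original page: it creates certs, db and private for a CA directory and audits that private and any *.key file in it are closed to group and other. The function names and the subordinate directory name subca are assumptions; owner-only permissions are a hardening choice the page itself does not prescribe.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# make_ca_dirs CA_DIR: create the certs, db and private directories.
make_ca_dirs() {
    ca_dir=$1
    mkdir -p "$ca_dir/certs" "$ca_dir/db" "$ca_dir/private" || return 1
    # Owner-only access; also tightens a pre-existing, looser directory.
    chmod 700 "$ca_dir/private"
}

# audit_ca_dirs CA_DIR: print one line per problem, return 1 if any found.
audit_ca_dirs() {
    ca_dir=$1
    rc=0
    for d in certs db private; do
        if [ ! -d "$ca_dir/$d" ]; then
            echo "missing directory: $ca_dir/$d"
            rc=1
        fi
    done
    if [ -d "$ca_dir/private" ]; then
        # In the ls mode string, characters 5-10 are the group and other bits.
        mode=$(ls -ld "$ca_dir/private" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "private directory open to group/other: $ca_dir/private"
            rc=1
        fi
        for k in "$ca_dir"/private/*.key; do
            [ -f "$k" ] || continue      # glob matched nothing
            kmode=$(ls -l "$k" | cut -c5-10)
            if [ "$kmode" != "------" ]; then
                echo "key file open to group/other: $k"
                rc=1
            fi
        done
    fi
    return $rc
}

# Demo in a scratch directory: rootca and subca (assumed name) side by side.
demo=$(mktemp -d)
make_ca_dirs "$demo/rootca" && make_ca_dirs "$demo/subca"
audit_ca_dirs "$demo/rootca" && audit_ca_dirs "$demo/subca" && echo "layout ok"
rm -rf "$demo"
```

Running the audit again after `openssl req` has written private/rootca.key shows whether the key file itself was left readable by other accounts.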