Openssl Certificate Creation#

An SSL certificate is an important way to secure user information and protect against hackers.

Openssl Installation (In ubuntu)#

1. To install openssl - sudo apt install openssl

Certificates Creation#

The following commands are used to generate certificates:

1. To generate CA key:

   • openssl ecparam -name prime256v1 -genkey -noout -out CA.key

2. To generate CA certificate:

   • openssl req -new -x509 -days 1826 -key CA.key -out CA.crt

3. To generate Client key:

   • openssl ecparam -name prime256v1 -genkey -noout -out device.key

4. To generate Client certificate (ex: device.crt and device.key) using CA certficate:

   • openssl req -new -out device.csr -key device.key

   • openssl x509 -req -in device.csr -CA CA.crt -CAkey CA.key -CAcreateserial -out device.crt -days 360

5. Repeat step 3 and 4 to create an additional set of certificate to use in MQTT explorer (ex: explorer.crt and explorer.key). (Create with different name for Identification).