Template:TLS&DTLS encryption & certificate generation: Difference between revisions

From Teltonika Telematics Wiki
No edit summary
No edit summary
Line 4: Line 4:
*Firmware FMB.Ver.03.27.xx
*Firmware FMB.Ver.03.27.xx


==Download and install OPEN VPN software:==
==Download and install OpenSSL software:==
Download OpenSSL from https://wiki.openssl.org/index.php/Binaries
Download OpenSSL from https://wiki.openssl.org/index.php/Binaries


[[File:Openssl.png]]
[[File:Openssl.png]]


Figure 1 OPEN VPN installing process
Figure 1: website link to OpenSSL software download


==Open command window (cmd.exe) as administrator:==
Once the Wiki page is open, click on the highlighted link in Figure 1 - https://slproweb.com/products/Win32OpenSSL.html. A new page will open with the multiple downloadable files.
*After command window is running (as administrator), open easy-rsa directory over CMD:
Example: "cd C:\Program Files\OpenVPN\easy-rsa"


'''IMG'''
Download the latest available OpenSSL software (light version) with .exe or .msi extensions, in this case the latest one is currently "Win64 OpenSSL v3.0.5 Light". Click on EXE and the file download will start


Figure 2 easy-rsa command input and response
[[File:Openssl location.png | 500x500px]]


*In opened directory enter command init-config and run the following batch file to copy
Figure 2: OpenSSL download links
configuration files into place (this will overwrite any preexisting vars.bat and openssl.cnf files)


'''IMG'''
Once the file is downloaded, open it and the installation process will start.


Figure 3 init-config command input and response
Upon installation, it is advisable to install the software into the default location, however this can be chosen to the user's preference.


==VAR.BAT file configuration:==
'''The installation path has to be remembered as it will be required in the later stages.'''
Open vars.bat file with text editor (notepad++) and set parameters of your server described below (enter information that would match to your server and company information). While editing the vars file (called vars.bat on Windows) and set the following parameters:<br>
*KEY_COUNTRY
*KEY_PROVINCE
*KEY_CITY
*KEY_ORG
*KEY_EMAIL parameters (don’t leave any of these parameters blank)<br>
Example:
*set KEY_COUNTRY=LT
*set KEY_PROVINCE=LTUS
*set KEY_CITY=Vilnius
*set KEY_ORG=100.10.11.222
*set KEY_CN=100.10.11.222
*set KEY_NAME=TeltonikaSUPPORT
*set KEY_OU=FMB<br>


'''IMG'''
[[File:Openssl install1.png|500x500px]]


Figure 4 Notepad++ view (configurable and default parameters)
Figure 3: install location


After parameters changed, save and close text editor.
Use of /bin directory is advisable for intallation process, because "Windows system directory" can become tricky and overloaded.  


==Enter commands into CMD==
[[File:Openssl install3.png|500x500px]]
Enter 3 commands listed below one after another:
vars
clean-all
build-ca


'''IMG'''
Figure 4: use of /bin directory as preference.


Figure 5 vars, clean-all, build-ca commands inputs and responses
Once installation process is complete, it is required to set up a path to the system preferences so that OpenSSL could be identified.


After commands entered click enter to check all inserted parameters, when directory command appears
Press Windows key and type "This PC".
check generated key in --> C:\Program Files\OpenVPN\easy-rsa\keys
 
'''IMG'''
 
Figure 6 printed parameters which will be used in encryption certificate
 
==Generated key change==
Copy all generated files from C:\Program Files\OpenVPN\easy-rsa\keys into new folder and change ca.crt
file name and extension into root.pem
 
'''IMG'''
 
Figure 7 File name and extension change
 
==Upload root certificate to device==
NOTE! Certificate extension must be named "root.pem"
 
'''IMG'''
 
Figure 8 File root.pem upload
 
'''IMG'''
 
Figure 9 Uploaded root file
 
Note: to upload new root.pem file current file must be deleted from configuration before.
 
==Configure server and enable encryption mode==
'''IMG'''
 
Figure 10 Configuration example
 
==Download certificate function==
To Download certificate from FMB device it is necessary to set a path in configurator settings.
 
'''IMG'''
 
Figure 11 Download certificate parameters.
 
Then enter security window, mark certificate and click download.
 
'''IMG'''
 
Figure 12 Download root.pem certificate window.
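Review bot: the new text stops at 'Press Windows key and type "This PC"', part-way through the PATH setup, while the old sections from "Enter commands into CMD" (vars, clean-all, build-ca) through "Download certificate function" have no counterpart in the lines shown here. As it stands the revision installs OpenSSL but no longer says how root.pem is generated, renamed or uploaded. Suggest finishing the PATH step, adding the OpenSSL replacement for the certificate-generation commands, and keeping the upload, configuration and download sections, which do not depend on OpenVPN. Minor: "intallation" in the added /bin paragraph should read "installation".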

Revision as of 10:59, 14 July 2022

Requirements to perform the encryption and generation of the certificate:

  • Server with implemented TLS/DTLS functionality
  • OpenSSL (or any other) software to generate the certificate key
  • Firmware FMB.Ver.03.27.xx

Download and install OpenSSL software:

Download OpenSSL from https://wiki.openssl.org/index.php/Binaries

Figure 1: website link to OpenSSL software download

Once the Wiki page is open, click on the link highlighted in Figure 1 - https://slproweb.com/products/Win32OpenSSL.html. A new page will open with multiple downloadable files.

Download the latest available OpenSSL software (light version) with the .exe or .msi extension. In this case the latest one is currently "Win64 OpenSSL v3.0.5 Light". Click on EXE and the file download will start.

Figure 2: OpenSSL download links

Once the file is downloaded, open it and the installation process will start.

During installation, it is advisable to install the software into the default location; however, a different location can be chosen according to the user's preference.

The installation path has to be remembered as it will be required in the later stages.

Figure 3: install location

Using the /bin directory is advisable for the installation process, because the "Windows system directory" can become tricky and overloaded.

Figure 4: use of /bin directory as preference.

Once the installation process is complete, a path must be set up in the system preferences so that OpenSSL can be identified.

Press Windows key and type "This PC".
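
The checks around the steps above, as an added PowerShell example (not part of the original wiki page or of Teltonika's tooling): it hashes and signature-checks the downloaded installer before it is run, and after installation reports whether the remembered /bin path is on PATH and which openssl.exe resolves. The installer file name, the default install directory and the expected SHA-256 value are assumptions or placeholders; take the hash from the distributor's site if it publishes one.

```powershell
# Added example, not from the original page. Run once before installing and
# once with -AfterInstall. All default values below are assumptions.
param(
    [string]$Installer   = "$env:USERPROFILE\Downloads\Win64OpenSSL_Light-3_0_5.exe", # assumed file name
    [string]$ExpectedSha = '<SHA256-PUBLISHED-BY-DISTRIBUTOR>',                        # placeholder
    [string]$BinDir      = 'C:\Program Files\OpenSSL-Win64\bin',                       # assumed install path
    [switch]$AfterInstall
)

function Test-Installer {
    param([string]$Path, [string]$Sha)
    if (-not (Test-Path -LiteralPath $Path)) { throw "Installer not found: $Path" }
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Sha256          = $actual
        HashMatches     = ($actual -ieq $Sha)
        SignatureStatus = $sig.Status   # Valid, NotSigned, HashMismatch, ...
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

function Test-OpenSslPath {
    param([string]$Dir)
    # Compare PATH entries without trailing backslashes; -contains ignores case.
    $entries = $env:Path -split ';' | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }
    $cmd     = Get-Command openssl.exe -ErrorAction SilentlyContinue
    [pscustomobject]@{
        BinDirExists = Test-Path -LiteralPath (Join-Path $Dir 'openssl.exe')
        BinDirOnPath = $entries -contains $Dir.TrimEnd('\')
        ResolvedTo   = if ($cmd) { $cmd.Source } else { $null }
        Version      = if ($cmd) { & $cmd.Source version } else { $null }
    }
}

if ($AfterInstall) {
    $r = Test-OpenSslPath -Dir $BinDir
    $r | Format-List
    if ($r.ResolvedTo -and -not $r.ResolvedTo.StartsWith($BinDir, 'OrdinalIgnoreCase')) {
        Write-Warning "openssl.exe resolves to a different copy: $($r.ResolvedTo)"
    }
} else {
    $r = Test-Installer -Path $Installer -Sha $ExpectedSha
    $r | Format-List
    if (-not $r.HashMatches) { Write-Warning 'SHA-256 does not match the expected value; do not run the installer.' }
}
```

A new command window has to be opened after the PATH is changed, otherwise BinDirOnPath still reflects the old environment.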