Changes

no edit summary
Line 1: Line 1: −
  −
Creating self-signed CA certificates and keys is easy and fun, here you will find the full guide on how to create a self-signed CA certificate and keys using OpenSSL.
  −
   
==Instructions==
 
==Instructions==
 
To create CA certificates and keys please follow the steps below.
 
To create CA certificates and keys please follow the steps below.
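
Review bot: The removed line at the top of this hunk was the only sentence saying what the page produces (a self-signed CA certificate and keys, using OpenSSL), so after this change the page opens directly on ==Instructions== with no scope or prerequisite stated. Suggest replacing it with a one-line summary rather than deleting it outright, and filling in the edit summary so the reason for the removal is recorded.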
Line 16: Line 13:       −
3. Start the OpenSSL Software. Search the '''OpenSSL''' from the Windows starts button.
+
3. Start the OpenSSL Software. Search the '''OpenSSL''' from the Windows starts button.[[File:OPENSSL.png|thumb|364x364px|alt=|none]]
[[File:OPEN SSL COMMAND PROMPT.png|left|thumb]]
   
<br />
 
<br />
      −
 
+
4. OpenSSL Command Prompt will open it includes the software built, directory, and other information.[[File:OPENSSLDirectory.png|thumb|490x490px|alt=|none]]
 
  −
 
  −
4. OpenSSL Command Prompt will open it includes the software built, directory, and other information.
  −
[[File:OPENSSLDirectory.png|left|thumb|465x465px]]
   
<br />
 
<br />
      −
           
+
5. Generating CA key pair. [[File:GenerationCAkeypair.png|thumb|490x490px|alt=|none]]
5. Generating CA key pair.  
  −
[[File:GenerationCAkeypair.png|left|thumb|455x455px]]
  −
 
  −
 
  −
 
  −
 
  −
 
  −
 
   
  '''Command: <span style="background:#3BC6F7">openssl genrsa -des3 -out ca.key 2048'''
 
  '''Command: <span style="background:#3BC6F7">openssl genrsa -des3 -out ca.key 2048'''
 
  '''Note:''' You can create a password for the CA Key Pair
 
  '''Note:''' You can create a password for the CA Key Pair
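
Review bot: The context note under step 5 says "You can create a password for the CA Key Pair", but the command above it, "openssl genrsa -des3 -out ca.key 2048", passes -des3, so OpenSSL prompts for a passphrase and requires one before it writes ca.key. Since this hunk already rewrites steps 3 to 5, reword the note to say the passphrase is required and that it protects the CA private key. The added step 4 line also carries over the run-on "will open it includes" and step 3 keeps "Windows starts button"; suggest "will open; it shows the software build, directory, and other information" and "Windows Start button".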
Line 43: Line 27:     
6. Generating certificate for the CA using the CA key pair we created.  
 
6. Generating certificate for the CA using the CA key pair we created.  
[[File:Command6.png|thumb|490x490px|none|link=Special:FilePath/Command6.png]]
+
[[File:Command6.png|alt=|thumb|490x490px|none]]
 
  '''Command:  <span style="background:#3BC6F7">openssl req -new -x509 -days 1826 -key ca.key -out ca.crt'''
 
  '''Command:  <span style="background:#3BC6F7">openssl req -new -x509 -days 1826 -key ca.key -out ca.crt'''
 
  '''Note:''' CA Certificate is valid for 1826 days or 5 years you can change this according to your requirement. It will ask you to enter the passphrase you created for the CA key.
 
  '''Note:''' CA Certificate is valid for 1826 days or 5 years you can change this according to your requirement. It will ask you to enter the passphrase you created for the CA key.
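
Review bot: The added [[File:Command6.png|alt=|thumb|490x490px|none]] line sets an empty alt attribute, so the screenshot is announced as nothing to screen-reader users, and it drops the link= target the old line had. Suggest a short descriptive alt text, for example "OpenSSL prompts while creating ca.crt", and confirming that removing link=Special:FilePath/Command6.png is intended.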
Line 49: Line 33:     
7. Generating a server key pair that will be used by the broker (server)
 
7. Generating a server key pair that will be used by the broker (server)
  [[File:Command7.png|thumb|490x490px|none|link=Special:FilePath/Command7.png]]
+
  [[File:Command7.png|alt=|thumb|490x490px|none]]
 
  '''Command: <span style="background:#3BC6F7">openssl genrsa -out server.key 2048'''
 
  '''Command: <span style="background:#3BC6F7">openssl genrsa -out server.key 2048'''
 
<br />
 
<br />
    
8. Generating a certificate request.
 
8. Generating a certificate request.
[[File:Command8.png|thumb|490x490px|none|link=Special:FilePath/Command8.png]]
+
[[File:Command8.png|alt=|thumb|490x490px|none]]
 
  '''Command: <span style="background:#3BC6F7">openssl req -new -out server.csr -key server.key'''
 
  '''Command: <span style="background:#3BC6F7">openssl req -new -out server.csr -key server.key'''
 
  '''Note:''' When you fill out the certificate request the common name is the most critical usually it is the domain name of your broker (server). You can use a full domain name or the IP address of your server. We will not send this information to CA because it is a self-signed certificate, we are the CA.  
 
  '''Note:''' When you fill out the certificate request the common name is the most critical usually it is the domain name of your broker (server). You can use a full domain name or the IP address of your server. We will not send this information to CA because it is a self-signed certificate, we are the CA.  
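
Review bot: The context note under step 8 calls the common name the most critical field, but the request command shown ("openssl req -new -out server.csr -key server.key") does not ask for a subjectAltName, and current TLS clients match the broker's host name or IP address against subjectAltName rather than the common name. While this section is being edited, the note should say that the name must also appear as a subjectAltName entry. The same note says "it is a self-signed certificate, we are the CA"; the server certificate is signed by our own CA, only ca.crt is self-signed, so suggest "because we act as our own CA". Step 7 also writes server.key without a passphrase, which deserves a sentence on restricting access to that file.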
Line 60: Line 44:     
9. Generating server.crt file.
 
9. Generating server.crt file.
[[File:Command9.png|thumb|490x490px|none|link=Special:FilePath/Command9.png]]
+
[[File:Command9.png|alt=|thumb|490x490px|none]]
 
  '''Command: <span style="background:#3BC6F7">openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt. -days 360'''
 
  '''Command: <span style="background:#3BC6F7">openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt. -days 360'''
 
  '''Note''': We will use the CA key to verify and sign the certificate.
 
  '''Note''': We will use the CA key to verify and sign the certificate.
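
Review bot: The context command in step 9 still reads "-out server.crt. -days 360", with a stray period after server.crt, so a reader who copies it asks OpenSSL for an output file named "server.crt." instead of the server.crt that step 10 tells them to look for. Suggest fixing it in this edit: "openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 360". The note below it would also read more accurately as "We will use the CA key to sign the certificate", since the CA key signs and ca.crt is what verifies.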
Line 66: Line 50:     
10. If all the steps are completed correctly you can check these 3 files from the directory ca.crt, server.crt, and server.key.
 
10. If all the steps are completed correctly you can check these 3 files from the directory ca.crt, server.crt, and server.key.
[[File:Command10.png|thumb|490x490px|none|link=Special:FilePath/Command10.png]]
+
[[File:Command10.png|alt=|thumb|490x490px|none]]
 
  '''Command: <span style="background:#3BC6F7">dir'''  
 
  '''Command: <span style="background:#3BC6F7">dir'''  
 
  '''Note:''' To check the files go to this directory C:\Users\<username>.
 
  '''Note:''' To check the files go to this directory C:\Users\<username>.
 
<br />
 
<br />
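
Review bot: Step 10 in this hunk lists only ca.crt, server.crt and server.key, but steps 5 and 8 also leave ca.key and server.csr in the same directory, and ca.key is the file that can sign new certificates for this CA. Suggest adding a sentence that only the three listed files go to the broker and that ca.key stays off the server and is stored securely. As in the earlier hunks, the added Command10.png line has an empty alt= and would benefit from a short description.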