Template:TLS&DTLS encryption & certificate generation

From Teltonika Telematics Wiki
Revision as of 07:31, 14 July 2022 by MindaugasK

Requirements to perform the encryption and generation of the certificate:

  • Server with implemented TLS/DTLS functionality
  • OpenSSL (or any other software) to generate the certificate key
  • Firmware FMB.Ver.03.27.xx

Download and install the OpenVPN software:

Download OpenSSL from https://wiki.openssl.org/index.php/Binaries

Figure 1 OpenVPN installation process

Open a command window (cmd.exe) as administrator:

  • Once the command window is running (as administrator), change to the easy-rsa directory:

Example: cd "C:\Program Files\OpenVPN\easy-rsa"

Figure 2 easy-rsa command input and response

  • In the opened directory, enter the command init-config. This batch file copies the configuration files into place (it will overwrite any preexisting vars.bat and openssl.cnf files).

Figure 3 init-config command input and response

vars.bat file configuration:

Open the vars file (called vars.bat on Windows) with a text editor (Notepad++) and set the following parameters so that they match your server and company information:

  • KEY_COUNTRY
  • KEY_PROVINCE
  • KEY_CITY
  • KEY_ORG
  • KEY_EMAIL

Don't leave any of these parameters blank.

Example:

  • set KEY_COUNTRY=LT
  • set KEY_PROVINCE=LTUS
  • set KEY_CITY=Vilnius
  • set KEY_ORG=100.10.11.222
  • set KEY_EMAIL=info@teltonika.lt
  • set KEY_CN=100.10.11.222
  • set KEY_NAME=TeltonikaSUPPORT
  • set KEY_OU=FMB

Figure 4 Notepad++ view (configurable and default parameters)

After the parameters are changed, save the file and close the text editor.

Enter commands into CMD

Enter the 3 commands listed below one after another:

  • vars
  • clean-all
  • build-ca

Figure 5 vars, clean-all, build-ca commands inputs and responses

After the commands are entered, press Enter to check all inserted parameters. When the directory prompt appears, check the generated key in C:\Program Files\OpenVPN\easy-rsa\keys

Figure 6 printed parameters which will be used in encryption certificate

Generated key change

Copy all generated files from C:\Program Files\OpenVPN\easy-rsa\keys into a new folder and rename the ca.crt file to root.pem (both the file name and the extension change).

Figure 7 File name and extension change
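
Added example (not part of the original Teltonika page): a Python check to run on the renamed file before uploading it. It assumes the file should hold exactly one PEM CERTIFICATE block and no private key (build-ca writes the CA private key, ca.key, into the same keys folder); check_root_pem, der_sequence_fills and pem_wrap are hypothetical helper names, and the sample bytes are constructed, not a real certificate.

```python
import base64
import re
from pathlib import Path

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def pem_wrap(label, der):
    """Build a PEM block; used here only to construct sample input."""
    return f"-----BEGIN {label}-----\n{base64.encodebytes(der).decode()}-----END {label}-----\n"

def der_sequence_fills(der):
    """True if der is one DER SEQUENCE whose declared length spans every byte."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                       # short-form length
        return 2 + der[1] == len(der)
    n = der[1] & 0x7F                       # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return 2 + n + int.from_bytes(der[2:2 + n], "big") == len(der)

def check_root_pem(path):
    """Return a list of problems; an empty list means the file passed every check."""
    path, problems = Path(path), []
    if path.name != "root.pem":
        problems.append(f"file is named {path.name!r}, expected 'root.pem'")
    blocks = PEM_BLOCK.findall(path.read_text(encoding="ascii", errors="replace"))
    # ca.key (the CA private key) is generated next to ca.crt; it must not be uploaded.
    if any("PRIVATE KEY" in label for label, _ in blocks):
        problems.append("file contains a private key; upload only the certificate")
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if len(certs) != 1:                     # assumption: one self-signed CA certificate
        return problems + [f"expected 1 CERTIFICATE block, found {len(certs)}"]
    try:
        der = base64.b64decode("".join(certs[0].split()), validate=True)
    except ValueError:                      # binascii.Error is a ValueError subclass
        return problems + ["CERTIFICATE block is not valid base64"]
    if not der_sequence_fills(der):         # X.509 certificates are DER SEQUENCEs
        problems.append("decoded data is not a single DER SEQUENCE")
    return problems

if __name__ == "__main__":
    import tempfile
    sample_der = bytes([0x30, 0x03, 0x02, 0x01, 0x00])  # constructed, not a real certificate
    with tempfile.TemporaryDirectory() as folder:
        renamed = Path(folder, "root.pem")
        renamed.write_text(pem_wrap("CERTIFICATE", sample_der))
        print(check_root_pem(renamed) or "root.pem passed the structural checks")
```

The check is structural only: it does not verify the certificate's signature, subject or validity dates.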

Upload root certificate to device

NOTE! The certificate file must be named "root.pem"

Figure 8 File root.pem upload

Figure 9 Uploaded root file

Note: to upload a new root.pem file, the current file must first be deleted from the configuration.

Configure server and enable encryption mode

Figure 10 Configuration example

Download certificate function

To download the certificate from the FMB device, a path must be set in the configurator settings.

Figure 11 Download certificate parameters.

Then open the Security window, select the certificate and click Download.

Figure 12 Download root.pem certificate window.