Template:TLS&DTLS encryption & certificate generation
Requirements to perform the encryption and generation of the certificate:
- Server with implemented TLS/DTLS functionality
- OPENSSL (or any other) software to generate certificate key
- Firmware FMB.Ver.03.27.xx
Download and install OPEN VPN software:
Download OpenSSL from https://wiki.openssl.org/index.php/Binaries
Figure 1 OPEN VPN installing process
Open command window (cmd.exe) as administrator:
- After command window is running (as administrator), open easy-rsa directory over CMD:
Example: "cd C:\Program Files\OpenVPN\easy-rsa"
IMG
Figure 2 easy-rsa command input and response
- In opened directory enter command init-config and run the following batch file to copy
configuration files into place (this will overwrite any preexisting vars.bat and openssl.cnf files)
IMG
Figure 3 init-config command input and response
VAR.BAT file configuration:
Open vars.bat file with text editor (notepad++) and set parameters of your server described below (enter information that would match to your server and company information). While editing the vars file (called vars.bat on Windows) and set the following parameters:
- KEY_COUNTRY
- KEY_PROVINCE
- KEY_CITY
- KEY_ORG
- KEY_EMAIL parameters (don’t leave any of these parameters blank)
Example:
- set KEY_COUNTRY=LT
- set KEY_PROVINCE=LTUS
- set KEY_CITY=Vilnius
- set KEY_ORG=100.10.11.222
- set KEY_EMAIL=info@teltonika.lt
- set KEY_CN=100.10.11.222
- set KEY_NAME=TeltonikaSUPPORT
- set KEY_OU=FMB
IMG
Figure 4 Notepad++ view (configurable and default parameters)
After parameters changed, save and close text editor.
Enter commands into CMD
Enter 3 commands listed below one after another: vars clean-all build-ca
IMG
Figure 5 vars, clean-all, build-ca commands inputs and responses
After commands entered click enter to check all inserted parameters, when directory command appears check generated key in --> C:\Program Files\OpenVPN\easy-rsa\keys
IMG
Figure 6 printed parameters which will be used in encryption certificate
Generated key change
Copy all generated files from C:\Program Files\OpenVPN\easy-rsa\keys into new folder and change ca.crt file name and extension into root.pem
IMG
Figure 7 File name and extension change
Upload root certificate to device
NOTE! Certificate extension must be named "root.pem"
IMG
Figure 8 File root.pem upload
IMG
Figure 9 Uploaded root file
Note: to upload new root.pem file current file must be deleted from configuration before.
Configure server and enable encryption mode
IMG
Figure 10 Configuration example
Download certificate function
To Download certificate from FMB device it is necessary to set a path in configurator settings.
IMG
Figure 11 Download certificate parameters.
Then enter security window, mark certificate and click download.
IMG
Figure 12 Download root.pem certificate window.