Line 16: |
Line 16: |
| | | |
| | | |
− | 3. Start the OpenSSL Software. Search the '''OpenSSL''' from the Windows starts button.[[File:OPENSSL.png|thumb|364x364px|alt=|none]] | + | 3. Start the OpenSSL Software. Search the '''OpenSSL''' from the Windows starts button. |
| + | [[File:OPEN SSL COMMAND PROMPT.png|left|thumb]] |
| <br /> | | <br /> |
| | | |
| | | |
− | 4. OpenSSL Command Prompt will open it includes the software built, directory, and other information.[[File:OPENSSLDirectory.png|thumb|490x490px|alt=|none]] | + | 4. OpenSSL Command Prompt will open it includes the software built, directory, and other information. |
| + | [[File:OPENSSLDirectory.png|left|thumb|465x465px]] |
| <br /> | | <br /> |
| | | |
| | | |
− | 5. Generating CA key pair. [[File:GenerationCAkeypair.png|thumb|490x490px|alt=|none]] | + | |
| + | 5. Generating CA key pair. |
| + | [[File:GenerationCAkeypair.png|left|thumb|455x455px]] |
| + | |
| '''Command: <span style="background:#3BC6F7">openssl genrsa -des3 -out ca.key 2048''' | | '''Command: <span style="background:#3BC6F7">openssl genrsa -des3 -out ca.key 2048''' |
| '''Note:''' You can create a password for the CA Key Pair | | '''Note:''' You can create a password for the CA Key Pair |
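Review bot: the three re-added images in steps 3, 4 and 5 change alignment from "none" to "left", while the images in steps 6 to 10 stay on "none"; a left-floated thumbnail lets the Command and Note lines that follow wrap beside it, so either keep "none" here or clear the float after each image. Step 3 also swaps OPENSSL.png for "OPEN SSL COMMAND PROMPT.png", a filename that matches step 4's text better than the Start-button search step 3 describes, and none of the new image lines carry alt text. On the unchanged step 5 note, "-des3" makes openssl ask for a passphrase to encrypt ca.key, so "You can create a password" would be more accurate as a statement that a passphrase is requested here and asked for again in step 6.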
Line 30: |
Line 35: |
| | | |
| 6. Generating certificate for the CA using the CA key pair we created. | | 6. Generating certificate for the CA using the CA key pair we created. |
− | [[File:Command6.png|alt=|thumb|490x490px|none]] | + | [[File:Command6.png|thumb|490x490px|none|link=Special:FilePath/Command6.png]] |
| '''Command: <span style="background:#3BC6F7">openssl req -new -x509 -days 1826 -key ca.key -out ca.crt''' | | '''Command: <span style="background:#3BC6F7">openssl req -new -x509 -days 1826 -key ca.key -out ca.crt''' |
| '''Note:''' CA Certificate is valid for 1826 days or 5 years you can change this according to your requirement. It will ask you to enter the passphrase you created for the CA key. | | '''Note:''' CA Certificate is valid for 1826 days or 5 years you can change this according to your requirement. It will ask you to enter the passphrase you created for the CA key. |
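Review bot: the new "link=Special:FilePath/Command6.png" on the step 6 image (repeated on Command7 to Command10 further down) points the thumbnail at the raw file instead of its file description page, and it is worth confirming that the parameter has any effect on a "thumb" image at all; if the editor inserted it rather than the author, drop it. The edit also removes "alt=" without adding alt text, so a short description of the command shown in the screenshot would help. The Command line under it opens a span that is never closed, which is worth fixing in the same pass.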
Line 36: |
Line 41: |
| | | |
| 7. Generating a server key pair that will be used by the broker (server) | | 7. Generating a server key pair that will be used by the broker (server) |
− | [[File:Command7.png|alt=|thumb|490x490px|none]] | + | [[File:Command7.png|thumb|490x490px|none|link=Special:FilePath/Command7.png]] |
| '''Command: <span style="background:#3BC6F7">openssl genrsa -out server.key 2048''' | | '''Command: <span style="background:#3BC6F7">openssl genrsa -out server.key 2048''' |
| <br /> | | <br /> |
| | | |
| 8. Generating a certificate request. | | 8. Generating a certificate request. |
− | [[File:Command8.png|alt=|thumb|490x490px|none]] | + | [[File:Command8.png|thumb|490x490px|none|link=Special:FilePath/Command8.png]] |
| '''Command: <span style="background:#3BC6F7">openssl req -new -out server.csr -key server.key''' | | '''Command: <span style="background:#3BC6F7">openssl req -new -out server.csr -key server.key''' |
| '''Note:''' When you fill out the certificate request the common name is the most critical usually it is the domain name of your broker (server). You can use a full domain name or the IP address of your server. We will not send this information to CA because it is a self-signed certificate, we are the CA. | | '''Note:''' When you fill out the certificate request the common name is the most critical usually it is the domain name of your broker (server). You can use a full domain name or the IP address of your server. We will not send this information to CA because it is a self-signed certificate, we are the CA. |
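Review bot: the step 8 note calls the common name "the most critical" field, but nothing in steps 8 or 9 sets a subjectAltName, and many current TLS clients match the broker's host name or IP address against subjectAltName and ignore the common name; the note should say so and document how the SAN is supplied. The same note calls the server certificate "self-signed", although step 9 signs it with ca.key, so "signed by our own CA" describes the procedure more accurately. Step 7 writes server.key without a passphrase (no "-des3"), which is worth stating next to the command so readers restrict access to that file.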
Line 47: |
Line 52: |
| | | |
| 9. Generating server.crt file. | | 9. Generating server.crt file. |
− | [[File:Command9.png|alt=|thumb|490x490px|none]] | + | [[File:Command9.png|thumb|490x490px|none|link=Special:FilePath/Command9.png]] |
| '''Command: <span style="background:#3BC6F7">openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt. -days 360''' | | '''Command: <span style="background:#3BC6F7">openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt. -days 360''' |
| '''Note''': We will use the CA key to verify and sign the certificate. | | '''Note''': We will use the CA key to verify and sign the certificate. |
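Review bot: the unchanged step 9 command has a stray period in "-out server.crt. -days 360", so the command as written names the output "server.crt." rather than the server.crt that step 10 expects; remove the period while this section is being edited. The note's "verify and sign" is also loose: the CA key signs the certificate, and verification is done later by clients using ca.crt.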
Line 53: |
Line 58: |
| | | |
| 10. If all the steps are completed correctly you can check these 3 files from the directory ca.crt, server.crt, and server.key. | | 10. If all the steps are completed correctly you can check these 3 files from the directory ca.crt, server.crt, and server.key. |
− | [[File:Command10.png|alt=|thumb|490x490px|none]] | + | [[File:Command10.png|thumb|490x490px|none|link=Special:FilePath/Command10.png]] |
| '''Command: <span style="background:#3BC6F7">dir''' | | '''Command: <span style="background:#3BC6F7">dir''' |
| '''Note:''' To check the files go to this directory C:\Users\<username>. | | '''Note:''' To check the files go to this directory C:\Users\<username>. |
| <br /> | | <br /> |
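Review bot: step 10 lists only ca.crt, server.crt and server.key, but after steps 5 to 9 the "dir" output also contains ca.key, server.csr and the serial file written by "-CAcreateserial"; the step should say that these are expected and that ca.key stays with whoever acts as the CA rather than being copied to the broker with the three listed files. The note's path "C:\Users\<username>" is the user's profile directory, so a line telling readers to move server.key somewhere only the broker account can read would fit here.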