

OpenSSL Windows how-to
This example shows you how to create a subordinate or registration CA.

Step 2 - Create a root CA configuration file

Before creating a CA, create a configuration file and save it as nf in the rootca directory.

aia_url =
crl_url =
default_ca = ca_default
name_opt = utf8,esc_ctrl,multiline,lname,align
basicConstraints = critical,CA:true,pathlen:0

First, generate a private key and the certificate signing request (CSR) in the rootca directory.

openssl req -new -config nf -out rootca.csr -keyout private/rootca.key

Next, create a self-signed CA certificate. Self-signing is suitable for testing purposes. Specify the ca_ext configuration file extensions on the command line. These indicate that the certificate is for a root CA and can be used to sign certificates and certificate revocation lists (CRLs). Sign the certificate, and commit it to the database.

openssl ca -selfsign -config nf -in rootca.csr -out rootca.crt -extensions ca_ext

Step 4 - Create the subordinate CA directory structure

Create a directory structure for the subordinate CA at the same level as the rootca directory.

Step 5 - Create a subordinate CA configuration file

Create a configuration file and save it as nf in the subca directory.
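The root CA steps above (key and CSR, then self-signing with the ca_ext extensions), as an added example that is not part of the original page: it builds a throwaway test root CA in a temporary directory and checks that the resulting certificate really carries the CA extensions. The file name rootca.conf, every configuration value, the subject name and the two function names are assumptions made for this sketch; a POSIX shell with openssl on the PATH is assumed.

```shell
# Constructed example: throwaway test root CA; all config values are assumptions.
make_test_root_ca() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/certs" "$dir/db" "$dir/private" || return 1
    : > "$dir/db/index"; echo 01 > "$dir/db/serial"   # empty database, first serial
    cat > "$dir/rootca.conf" <<'EOF'
[req]
default_bits       = 2048
encrypt_key        = no
default_md         = sha256
prompt             = no
distinguished_name = ca_dn
[ca_dn]
commonName = Example Test Root CA
[ca]
default_ca = ca_default
[ca_default]
home           = .
database       = $home/db/index
serial         = $home/db/serial
new_certs_dir  = $home/certs
private_key    = $home/private/rootca.key
default_md     = sha256
default_days   = 30
unique_subject = no
policy         = policy_any
[policy_any]
commonName = supplied
[ca_ext]
basicConstraints     = critical,CA:true
keyUsage             = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    # Key + CSR first, then self-sign the CSR and commit it to the database.
    ( cd "$dir" &&
      openssl req -new -config rootca.conf -out rootca.csr -keyout private/rootca.key &&
      openssl ca -selfsign -batch -config rootca.conf -in rootca.csr \
          -out rootca.crt -extensions ca_ext ) >/dev/null 2>&1 || return 1
    echo "$dir"
}

# Returns 0 only if the certificate can sign certificates and CRLs as a CA.
check_ca_cert() {
    text=$(openssl x509 -in "$1" -noout -text) || return 1
    echo "$text" | grep -q 'CA:TRUE' &&
    echo "$text" | grep -q 'Certificate Sign' &&
    echo "$text" | grep -q 'CRL Sign'
}
```

If -extensions ca_ext is left off the openssl ca command, the certificate is still issued but check_ca_cert fails, which is the quickest way to catch a root certificate that cannot sign the subordinate CA.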

Although you can purchase X.509 certificates from a trusted certification authority, creating your own test certificate hierarchy or using self-signed certificates is adequate for testing IoT hub device authentication. The following example uses OpenSSL and the OpenSSL Cookbook to create a certification authority (CA), a subordinate CA, and a device certificate. The example then signs the subordinate CA and the device certificate into a certificate hierarchy.
