Microsoft provides PowerShell and Bash scripts to help you understand how to create your own X.509 certificates and authenticate them to an IoT hub. The scripts are included with the Azure IoT Hub Device SDK for C. The scripts are provided for demonstration purposes only. Certificates created by them must not be used for production. The certificates contain hard-coded passwords (“1234”) and expire after 30 days. You must use your own best practices for certificate creation and lifetime management in a production environment. For more information, see Managing test CA certificates for samples and tutorials in the GitHub repository for the Azure IoT Hub Device SDK for C.

Step 1 - Create the root CA directory structure

Create a directory structure for the certificate authority.

- The certs directory stores new certificates.
- The db directory stores the certificate database.
- The private directory stores the CA private key.

Step 2 - Create a root CA configuration file

Before creating a CA, create a configuration file and save it as nf in the rootca directory.

    aia_url =
    crl_url =
    default_ca = ca_default
    name_opt = utf8,esc_ctrl,multiline,lname,align
    basicConstraints = critical,CA:true,pathlen:0

First, generate a private key and the certificate signing request (CSR) in the rootca directory.

    openssl req -new -config nf -out rootca.csr -keyout private/rootca.key

Next, create a self-signed CA certificate. Self-signing is suitable for testing purposes. Specify the ca_ext configuration file extensions on the command line. These extensions indicate that the certificate is for a root CA and can be used to sign certificates and certificate revocation lists (CRLs). Sign the certificate, and commit it to the database.

    openssl ca -selfsign -config nf -in rootca.csr -out rootca.crt -extensions ca_ext

Step 4 - Create the subordinate CA directory structure

This example shows you how to create a subordinate or registration CA. Because you can use the root CA to sign certificates, creating a subordinate CA isn’t strictly necessary.

Create a directory structure for the subordinate CA at the same level as the rootca directory.

Step 5 - Create a subordinate CA configuration file

Create a configuration file and save it as nf in the subca directory.
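The root CA steps on this page (directory structure, configuration file, key and CSR, self-signed certificate) as one script, followed by a check that the result really carries the CA extensions. This is an added example, not code from Microsoft's scripts or the original page. The file name rootca.conf, the configuration contents, the subject name, the -batch flag and reading the key passphrase from an exported CA_PASS variable (instead of a hard-coded one) are assumptions.

```shell
# Added example (not Microsoft's script): test root CA per Steps 1-3.
# rootca.conf, its contents and the subject name are assumptions.
build_rootca() {  # $1 = new CA directory; passphrase comes from $CA_PASS
    [ -n "${CA_PASS:-}" ] && [ ! -e "$1" ] || return 1
    mkdir -p "$1/certs" "$1/db" "$1/private" && chmod 700 "$1/private" || return 1
    : > "$1/db/index"                       # empty certificate database
    openssl rand -hex 16 > "$1/db/serial"   # random starting serial number
    cat > "$1/rootca.conf" <<'EOF'
[ca]
default_ca = ca_default
[ca_default]
database = db/index
serial = db/serial
new_certs_dir = certs
certificate = rootca.crt
private_key = private/rootca.key
default_md = sha256
default_days = 30
unique_subject = no
policy = policy_any
[policy_any]
commonName = supplied
[req]
default_bits = 2048
default_md = sha256
prompt = no
distinguished_name = ca_dn
[ca_dn]
commonName = Constructed Test Root CA
[ca_ext]
basicConstraints = critical,CA:true
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    ( cd "$1" &&
      openssl req -new -config rootca.conf -out rootca.csr \
          -keyout private/rootca.key -passout env:CA_PASS &&
      openssl ca -selfsign -batch -config rootca.conf -in rootca.csr \
          -out rootca.crt -extensions ca_ext -passin env:CA_PASS
    ) > "$1/build.log" 2>&1
}

# Pass only if the result is a self-signed CA certificate limited to signing.
check_rootca() {  # $1 = CA directory
    text=$(openssl x509 -in "$1/rootca.crt" -noout -text) || return 1
    echo "$text" | grep -q 'CA:TRUE' &&
    echo "$text" | grep -q 'Certificate Sign, CRL Sign' &&
    openssl verify -CAfile "$1/rootca.crt" "$1/rootca.crt" >/dev/null 2>&1
}
```

Run it as `export CA_PASS=...; build_rootca ./rootca && check_rootca ./rootca`; output from both openssl commands is kept in build.log inside the CA directory.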