TLS/SSL communication via MQTT: Generating Certificates using OpenSSL


Encryption/decryption part: TLS/SSL communication via MQTT
Generating the TLS/SSL CA and certificates:
1.      Generating server key
openssl genrsa -des3 -out server.key 4096
2.      Generating server signing request
openssl req -new -key server.key -out server.csr
3.      Generating certificate authority key
openssl genrsa -des3 -out ca.key 4096
4.      Generating certificate authority
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
5.      Signing server certificate with certificate authority
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
Below is the list of final files the user should have after executing the above-mentioned steps
Generated files using openssl
-rw-rw-r-- 1 vikram vikram 2065 May 14 18:20 ca.crt       --- Certificate Authority
-rw-rw-r-- 1 vikram vikram 3311 May 14 18:19 ca.key       --- CA key
-rw-rw-r-- 1 vikram vikram 1956 May 14 18:21 server.crt   --- Server Certificate
-rw-rw-r-- 1 vikram vikram 1744 May 14 18:15 server.csr   --- Server Certificate signing request
-rw-rw-r-- 1 vikram vikram 3311 May 14 18:14 server.key   --- Server Key
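
The five steps above can be run without prompts and the result checked before the files are handed to the broker. The script below is an added example, not from the original post; the passphrase in KEY_PASS, the subject names and the function names make_chain and check_chain are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. KEY_PASS and the subject
# names are constructed placeholders; use real values in production.
: "${KEY_PASS:=constructed-demo-passphrase}"
export KEY_PASS

# make_chain OUTDIR SERVER_CN [BITS]: steps 1-5, without prompts.
make_chain() {
    out=$1; cn=$2; bits=${3:-4096}
    mkdir -p "$out" || return 1
    (
        cd "$out" || exit 1
        # 1-2: server key and certificate signing request
        openssl genrsa -des3 -passout env:KEY_PASS -out server.key "$bits" &&
        openssl req -new -key server.key -passin env:KEY_PASS \
            -subj "/CN=$cn" -out server.csr &&
        # 3-4: CA key and self-signed CA certificate
        openssl genrsa -des3 -passout env:KEY_PASS -out ca.key "$bits" &&
        openssl req -new -x509 -days 365 -key ca.key -passin env:KEY_PASS \
            -subj "/CN=Constructed Demo CA" -out ca.crt &&
        # 5: sign the server certificate with the CA
        openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key \
            -passin env:KEY_PASS -set_serial 01 -out server.crt &&
        # private keys should not be group- or world-readable
        chmod 600 server.key ca.key
    ) >/dev/null 2>&1
}

# check_chain DIR: returns 0 only if every check passes.
check_chain() {
    dir=$1
    # server.crt must verify against ca.crt
    openssl verify -CAfile "$dir/ca.crt" "$dir/server.crt" \
        >/dev/null 2>&1 || return 1
    # server.key must belong to server.crt (same RSA modulus)
    cert_mod=$(openssl x509 -noout -modulus -in "$dir/server.crt") || return 1
    key_mod=$(openssl rsa -noout -modulus -passin env:KEY_PASS \
        -in "$dir/server.key" 2>/dev/null) || return 1
    [ "$cert_mod" = "$key_mod" ] || return 1
    # the certificate must still be valid 24 hours from now
    openssl x509 -noout -checkend 86400 -in "$dir/server.crt" >/dev/null
}
```

Call make_chain with an output directory and the broker's host name, then check_chain on the same directory; a non-zero status means the files should not be deployed.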


Steps to be taken for user authorization
Generating the password file
mosquitto_passwd -c /etc/mosquitto/passwd username
To append a new user (without -c, which would overwrite the existing file)
mosquitto_passwd /etc/mosquitto/passwd username1
Place the password file at:
/etc/mosquitto/passwd
Configuration changes needed at the server end
  mosquitto.conf file (changes needed to start the server)
  port 8883
  bind_address vikram-Veriton
  cafile   /home/vikram/check/ca.crt
  certfile /home/vikram/check/server.crt
  keyfile /home/vikram/check/server.key
  # TLS 1.0 is deprecated (RFC 8996); set tlsv1.2 or later if the broker and all clients support it
  tls_version tlsv1
  # On brokers where allow_anonymous defaults to true, also set "allow_anonymous false" to require a login
  password_file /etc/mosquitto/passwd