Skip to content

Latest commit

 

History

History

cert-generation-ca

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
.gitignore
.gitignore
 
 
README.md
README.md
 
 
iotconnect-config
iotconnect-config
 
 
makecerts.sh
makecerts.sh
 
 
pem-to-c.sh
pem-to-c.sh
 
 

README.md

Introduction

This directory contains the scripts and sample certificates that are tested to work with Azure IoTHub.

IMPORTANT: This script is provided with ease of use in mind. Private keys generated with this script are not password protected and are insecure, hence they should not be used in production. Learn more about password protecting your root certificates from openssl user manual and modify commands on the makecerts.sh script accordingly.

File and directory overview

makecerts.sh - Main script used to make root CA files and device certificates and keys. See below for instructions. iotconnect-config - Configuration file, which will be sued to generate certificates and keys. pem-to.sh - Utlity script that can be used to generate C constants from pem files.

certs/-crt.pem - Root CA Certificates with subject names used for file names certs/-key.pem - Root CA Private Keys with subject names used for file names certs/-crt.srl - Serial number intermediate files that openssl may use.

CPID/-crt.pem - Device certificates per device. CPID/-key.pem - Device private keys. CPID/-c-snippets.txt - Generated snippets for testing certificates in C code

makecerts.sh instructions

Initial Setup
  • Obtain your CPID by copying it from the IoTConnect UI web page at Settings->Company Profile.
  • Populate values in iotconnect-config per comments for individual fields in the actual file.
Creating a New Certificate:
  • Ensure that initial setup steps are complete above.
  • Create a new certificate, invoke "./makecerts.sh root".
  • To upload the certificate at IoTConnect, go to Device->Certificates page and upload the -crt.pem file generated per new subject name.
  • The certificate status will show "pending" and needs proof of ownership. To start this verification procedure, copy the verification code displayed next to your certificate.
  • run "./makecerts.h verify code", with pasted code displayed on the site.
  • click the upload icon on the right side next to your certificate.
  • Browse to the file named code-verify-crt.pem and click the Verify button.
  • The certificate status should show Verified.
Creating a New Device Certificate and Key
  • Create a new device certificate and private key by invoking "./makecerts.sh device deviceName"
  • A device certificate and key will be generated in your CPID directory.
  • Create a new device with the same name (deviceName) at IoTConnect web site. Be sure to use a device template that uses CA Certificate authentication.