Skip to main content
Version: Next

A - Creating and Converting Certificates

All commands in this section use openssl which is readily available for Windows, Linux and OS X.

tip

On windows you might need to run openssl.exe instead of openssl (in the shell commands below)

info

shell, commandline and terminal are used interchangeably in this section ...

If you came to this section, it is assumed, that you are in general aware of how to run commands on the commandline of your computer.

Creating your own CA certificate

# In shell run these lines one after the other (because some need interaction)
openssl genrsa -des3 -out ca.key 2048
openssl req -new -x509 -days 1826 -key ca.key -out ca.crt

These commands create a ca key and certificate. The certificate is supposed to be shared with all devices. Keep the key secure, it is used to sign other certificates. Hence the name CA (Certificate Authority)

Creating a computer certificate and sign it with CA

This time around you create a key and a certificate signing request which is then signed by the CA to create a certificate.

openssl genrsa -des3 -out my_client.key 2048
openssl req -new -out my_client.csr -key my_client.key

Send/upload this .csr file to the CA for signing. Unless you ARE the CA, then run

openssl x509 -req -in my_client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out my_client.crt -days 360

Converting a .crt/.pem and a .key file to a .pfx file

openssl pkcs12 -export -out my_client.pfx -inkey my_client.key -in my_client.crt
tip

The export password you set here is the password you will need to set in the SmoothMQTT certificate asset (see Certificate Assets).