Generate a self-signed CA certificate:
openssl genrsa -out ca.key 2048
Create the root certificate for EMQX using the CA key:
openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 -out ca.pem
Generate a server certificate for EMQX:
openssl genrsa -out emqx.key 2048
You have create openssl.cnf
Example of content: openssl.cnf
[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
countryName = IN
stateOrProvinceName = GUJARAT
localityName = SURAT
organizationName = IOT
commonName = mqtts.weanswer.xyz
[req_ext]
subjectAltName = @alt_names
[v3_req]
subjectAltName = @alt_names
[alt_names]
IP.1 = 206.189.140.151
DNS.1 = mqtts.weanswer.xyz
Generate a certificate signing request (CSR) for the server:
openssl req -new -key ./emqx.key -config openssl.cnf -out emqx.csr
Use the CA certificate to sign the server certificate:
openssl x509 -req -in ./emqx.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out emqx.pem -days 3650 -sha256 -extensions v3_req -extfile openssl.cnf
Generate a client certificate:
openssl genrsa -out client.key 2048
Create a client certificate signing request (CSR):
openssl req -new -key client.key -out client.csr -subj "/C=CN/ST=Zhejiang/L=Hangzhou/O=EMQX/CN=client"
Sign the client certificate using the CA certificate:
openssl x509 -req -days 3650 -in client.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out client.pem
By following these steps, you will generate a self-signed CA certificate, create the root certificate for EMQX, issue a server certificate, and generate a client certificate for secure communication within your EMQX environment.