AdamJHowell/CreateCertificate.bat

## CreateCertificate.bat
@ECHO OFF

IF %1.==. GOTO No1
IF %2.==. GOTO No2

set password=%1
set commonName=%2

set OPENSSL_CONF=C:\Certificates\openssl.cnf

ECHO:
ECHO:
ECHO The location of OpenSSL
where openssl.exe

ECHO:
ECHO:
ECHO The OpenSSL version
openssl version

ECHO:
ECHO:
ECHO This command should output only 'openssl.cnf'
dir %OPENSSL_CONF% /B

ECHO:
ECHO:
ECHO This is the hostname, which will be used in step 5:
hostname

rem The next 2 commands create a directory to work in and move into that directory.
rem mkdir C:\Certificates
cd C:\Certificates

ECHO:
ECHO:
ECHO This command removes any previously created files:
del *.key *.csr *.crt *.srl

ECHO:
ECHO:
ECHO Step 1: This step will ask for a password, which will be used in steps 2, 3, and 6.
rem openssl genrsa -des3 -out ca.key 2048
rem openssl genrsa -aes256 -out ca.key 2048
rem openssl genpkey -aes-256-cbc -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:4096
openssl genpkey -aes-256-cbc -pass pass:%password% -algorithm RSA -out ca.key -pkeyopt rsa_keygen_bits:4096

ECHO:
ECHO:
ECHO Step 2: After entering the password you just set, answer these prompts using the defaults.
rem openssl req -new -key ca.key -out ca-cert-request.csr -sha256
openssl req -new -key ca.key -out ca-cert-request.csr -sha256 -subj "/C=US/ST=UT/L=Nunya/O=Private/CN=." -passin pass:%password%

ECHO:
ECHO:
ECHO Step 3: Enter the password you previously set.
rem openssl x509 -req -in ca-cert-request.csr -signkey ca.key -out ca-root-cert.crt -days 365 -sha256
openssl x509 -req -in ca-cert-request.csr -signkey ca.key -out ca-root-cert.crt -days 365 -sha256 -passin pass:%password%

ECHO:
ECHO:
ECHO Step 4:
rem openssl genrsa -out server.key 2048
openssl genrsa -out server.key 2048

ECHO:
ECHO:
ECHO Step 5: Answer these prompts entering the hostname as the answer to the "Common Name".
rem openssl req -new -key server.key -out server-cert-request.csr -sha256
openssl req -new -key server.key -out server-cert-request.csr -sha256 -sha256 -subj "/C=US/ST=UT/L=Nunya/O=Private/CN=%commonName%"

ECHO:
ECHO:
ECHO Step 6: Enter the password you previously set.
rem openssl x509 -req -in server-cert-request.csr -CA ca-root-cert.crt -CAkey ca.key -CAcreateserial -out server.crt -days 360
openssl x509 -req -in server-cert-request.csr -CA ca-root-cert.crt -CAkey ca.key -CAcreateserial -out server.crt -days 365 -passin pass:%password%

ECHO:
ECHO:
ECHO Here are the details of the server certificate (server.crt):
openssl x509 -text -in server.crt -noout

ECHO:
ECHO:
ECHO Use this command to test against Mosquitto, once it has been configured and started.
ECHO mosquitto_pub -h %commonName% -t mqttsTest42 -p 8883 -m testMessage --cafile "C:\Certificates\ca-root-cert.crt" --cert "C:\Certificates\server.crt" --key "C:\Certificates\server.key"

ECHO If there were no errors, the certificates are now ready to use.
GOTO End1

:No1
  ECHO No password was provided!
GOTO End1

:No2
  ECHO No Common Name (hostname) was provided!
GOTO End1

:End1
	@ECHO OFF

	IF %1.==. GOTO No1
	IF %2.==. GOTO No2

	set password=%1
	set commonName=%2

	set OPENSSL_CONF=C:\Certificates\openssl.cnf

	ECHO:
	ECHO:
	ECHO The location of OpenSSL
	where openssl.exe

	ECHO:
	ECHO:
	ECHO The OpenSSL version
	openssl version

	ECHO:
	ECHO:
	ECHO This command should output only 'openssl.cnf'
	dir %OPENSSL_CONF% /B

	ECHO:
	ECHO:
	ECHO This is the hostname, which will be used in step 5:
	hostname

	rem The next 2 commands create a directory to work in and move into that directory.
	rem mkdir C:\Certificates
	cd C:\Certificates

	ECHO:
	ECHO:
	ECHO This command removes any previously created files:
	del .key .csr .crt .srl

	ECHO:
	ECHO:
	ECHO Step 1: This step will ask for a password, which will be used in steps 2, 3, and 6.
	rem openssl genrsa -des3 -out ca.key 2048
	rem openssl genrsa -aes256 -out ca.key 2048
	rem openssl genpkey -aes-256-cbc -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:4096
	openssl genpkey -aes-256-cbc -pass pass:%password% -algorithm RSA -out ca.key -pkeyopt rsa_keygen_bits:4096

	ECHO:
	ECHO:
	ECHO Step 2: After entering the password you just set, answer these prompts using the defaults.
	rem openssl req -new -key ca.key -out ca-cert-request.csr -sha256
	openssl req -new -key ca.key -out ca-cert-request.csr -sha256 -subj "/C=US/ST=UT/L=Nunya/O=Private/CN=." -passin pass:%password%

	ECHO:
	ECHO:
	ECHO Step 3: Enter the password you previously set.
	rem openssl x509 -req -in ca-cert-request.csr -signkey ca.key -out ca-root-cert.crt -days 365 -sha256
	openssl x509 -req -in ca-cert-request.csr -signkey ca.key -out ca-root-cert.crt -days 365 -sha256 -passin pass:%password%

	ECHO:
	ECHO:
	ECHO Step 4:
	rem openssl genrsa -out server.key 2048
	openssl genrsa -out server.key 2048

	ECHO:
	ECHO:
	ECHO Step 5: Answer these prompts entering the hostname as the answer to the "Common Name".
	rem openssl req -new -key server.key -out server-cert-request.csr -sha256
	openssl req -new -key server.key -out server-cert-request.csr -sha256 -sha256 -subj "/C=US/ST=UT/L=Nunya/O=Private/CN=%commonName%"

	ECHO:
	ECHO:
	ECHO Step 6: Enter the password you previously set.
	rem openssl x509 -req -in server-cert-request.csr -CA ca-root-cert.crt -CAkey ca.key -CAcreateserial -out server.crt -days 360
	openssl x509 -req -in server-cert-request.csr -CA ca-root-cert.crt -CAkey ca.key -CAcreateserial -out server.crt -days 365 -passin pass:%password%

	ECHO:
	ECHO:
	ECHO Here are the details of the server certificate (server.crt):
	openssl x509 -text -in server.crt -noout

	ECHO:
	ECHO:
	ECHO Use this command to test against Mosquitto, once it has been configured and started.
	ECHO mosquitto_pub -h %commonName% -t mqttsTest42 -p 8883 -m testMessage --cafile "C:\Certificates\ca-root-cert.crt" --cert "C:\Certificates\server.crt" --key "C:\Certificates\server.key"

	ECHO If there were no errors, the certificates are now ready to use.
	GOTO End1

	:No1
	ECHO No password was provided!
	GOTO End1

	:No2
	ECHO No Common Name (hostname) was provided!
	GOTO End1

	:End1