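@ECHO OFF
rem Creates a private CA and a server certificate for a Mosquitto (MQTT over TLS) test setup.
rem Usage:    <this script> <password> <commonName>
rem   %1  password that encrypts the CA private key (ca.key)
rem   %2  Common Name for the server certificate; it should be the broker's hostname
rem Outputs (in C:\Certificates): ca.key, ca-cert-request.csr, ca-root-cert.crt,
rem   ca-root-cert.srl, server.key, server-cert-request.csr, server.crt
rem Exit code: 0 on success, 1 when an argument is missing or a step fails.
rem
rem NOTE(review): the password is still visible in this script's own argument list and
rem in shell history; only the OpenSSL invocations below are kept free of it.

set exitCode=0

rem Quoted comparisons so arguments containing spaces do not break the IF syntax.
IF "%~1"=="" GOTO No1
IF "%~2"=="" GOTO No2

rem %~1 strips surrounding quotes; the quoted SET form keeps trailing spaces and
rem special characters out of the value.
set "password=%~1"
set "commonName=%~2"
set "OPENSSL_CONF=C:\Certificates\openssl.cnf"

rem The checks below run BEFORE anything is deleted, so a missing OpenSSL install or
rem config file cannot wipe an existing, working set of certificates.
ECHO:
ECHO:
ECHO The location of OpenSSL
where openssl.exe || GOTO Failed
ECHO:
ECHO:
ECHO The OpenSSL version
openssl version || GOTO Failed
ECHO:
ECHO:
ECHO This command should output only 'openssl.cnf'
dir "%OPENSSL_CONF%" /B || GOTO Failed
ECHO:
ECHO:
ECHO This is the hostname, which should match the Common Name used in step 5:
hostname

rem Move into the working directory. It must already exist (mkdir C:\Certificates).
rem /D also switches the drive, and the error check guarantees that the DEL below
rem can never run in whatever directory the script happened to be started from.
cd /D C:\Certificates || GOTO NoDir
ECHO:
ECHO:
ECHO This command removes any previously created files:
del *.key *.csr *.crt *.srl

ECHO:
ECHO:
ECHO Step 1: Generate the encrypted CA private key. The password given on the command line protects it and is reused in steps 2, 3, and 6.
rem env:password makes OpenSSL read the pass phrase from the environment variable
rem set above instead of from its own command line, where other local processes
rem could read it from the process listing.
rem Earlier variants used "openssl genrsa -des3" / "-aes256" with a 2048-bit key.
openssl genpkey -aes-256-cbc -pass env:password -algorithm RSA -out ca.key -pkeyopt rsa_keygen_bits:4096 || GOTO Failed

ECHO:
ECHO:
ECHO Step 2: Create the CA certificate signing request. No prompts are expected.
rem -subj supplies the subject, so the interactive questions are skipped.
openssl req -new -key ca.key -out ca-cert-request.csr -sha256 -subj "/C=US/ST=UT/L=Nunya/O=Private/CN=." -passin env:password || GOTO Failed

ECHO:
ECHO:
ECHO Step 3: Self-sign the CA certificate.
rem NOTE(review): "x509 -req -signkey" without an extensions file presumably yields a
rem certificate with no basicConstraints CA:TRUE extension; strict TLS clients may
rem refuse it as an issuer. Confirm against the OpenSSL version in use.
openssl x509 -req -in ca-cert-request.csr -signkey ca.key -out ca-root-cert.crt -days 365 -sha256 -passin env:password || GOTO Failed

ECHO:
ECHO:
ECHO Step 4: Generate the unencrypted server private key.
rem server.key is written without a pass phrase so the broker can load it unattended;
rem restrict the file's permissions to the account that runs the broker.
openssl genrsa -out server.key 2048 || GOTO Failed

ECHO:
ECHO:
ECHO Step 5: Create the server certificate signing request using the supplied Common Name.
rem NOTE(review): only CN is set, no subjectAltName. Clients that ignore CN for
rem hostname verification will reject this certificate - confirm with the clients used.
openssl req -new -key server.key -out server-cert-request.csr -sha256 -subj "/C=US/ST=UT/L=Nunya/O=Private/CN=%commonName%" || GOTO Failed

ECHO:
ECHO:
ECHO Step 6: Sign the server certificate with the CA key.
rem -CAcreateserial writes the serial number file (*.srl) that DEL removes on the next run.
openssl x509 -req -in server-cert-request.csr -CA ca-root-cert.crt -CAkey ca.key -CAcreateserial -out server.crt -days 365 -passin env:password || GOTO Failed

ECHO:
ECHO:
ECHO Here are the details of the server certificate (server.crt):
openssl x509 -text -in server.crt -noout || GOTO Failed
ECHO:
ECHO:
ECHO Use this command to test against Mosquitto, once it has been configured and started.
ECHO mosquitto_pub -h %commonName% -t mqttsTest42 -p 8883 -m testMessage --cafile "C:\Certificates\ca-root-cert.crt" --cert "C:\Certificates\server.crt" --key "C:\Certificates\server.key"
ECHO If there were no errors, the certificates are now ready to use.
GOTO End1

:No1
ECHO No password was provided!
set exitCode=1
GOTO End1

:No2
ECHO No Common Name (hostname) was provided!
set exitCode=1
GOTO End1

:NoDir
ECHO Could not change to C:\Certificates. Nothing was deleted.
set exitCode=1
GOTO End1

:Failed
ECHO A step failed. Review the output above; the certificates are NOT ready to use.
set exitCode=1
GOTO End1

:End1
rem Without SETLOCAL, variables set here persist in the calling cmd session;
rem clear the password so it does not linger in that environment.
set "password="
EXIT /B %exitCode%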