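@ECHO OFF
rem Creates a private CA and a CA-signed server certificate with OpenSSL on Windows.
rem Usage:  <script> <ca-key-password> <common-name>
rem   %1 - pass phrase that protects the CA private key (ca.key); used in steps 1, 2, 3 and 6
rem   %2 - Common Name for the server certificate (normally the output of `hostname`)
rem Works inside C:\Certificates and expects C:\Certificates\openssl.cnf to exist.
rem Exits with code 1 when an argument is missing or the working directory cannot be entered.
rem SETLOCAL keeps %password% and OPENSSL_CONF from leaking into the caller's environment.
SETLOCAL
rem "%~1" (quotes stripped) is an empty-string test that also copes with a quoted or space-containing argument.
IF "%~1"=="" GOTO No1
IF "%~2"=="" GOTO No2
rem %~1 / %~2 drop surrounding quotes so they do not end up inside the stored value.
set "password=%~1"
set "commonName=%~2"
set "OPENSSL_CONF=C:\Certificates\openssl.cnf"
ECHO:
ECHO:
ECHO The location of OpenSSL
where openssl.exe
ECHO:
ECHO:
ECHO The OpenSSL version
openssl version
ECHO:
ECHO:
ECHO This command should output only 'openssl.cnf'
dir %OPENSSL_CONF% /B
ECHO:
ECHO:
ECHO This is the hostname, which will be used in step 5:
hostname
rem The next command moves into the working directory (create it first if it does not exist).
rem mkdir C:\Certificates
rem /D also switches the current drive; abort if the directory cannot be entered so the
rem wildcard delete below never runs in whatever directory the script was launched from.
cd /D C:\Certificates || GOTO NoDir
ECHO:
ECHO:
ECHO This command removes any previously created files in %CD%:
del *.key *.csr *.crt *.srl
ECHO:
ECHO:
ECHO Step 1: Generating the CA private key (ca.key), protected by the supplied password.
rem Earlier variants of this step, kept for reference:
rem openssl genrsa -des3 -out ca.key 2048
rem openssl genrsa -aes256 -out ca.key 2048
rem openssl genpkey -aes-256-cbc -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:4096
rem The pass phrase is read from the environment (env:password) rather than placed on the
rem openssl command line, where other local processes could read it from the process list.
openssl genpkey -aes-256-cbc -pass env:password -algorithm RSA -out ca.key -pkeyopt rsa_keygen_bits:4096
ECHO:
ECHO:
ECHO Step 2: Creating the CA certificate request (subject supplied, password read from the environment).
rem openssl req -new -key ca.key -out ca-cert-request.csr -sha256
openssl req -new -key ca.key -out ca-cert-request.csr -sha256 -subj "/C=US/ST=UT/L=Nunya/O=Private/CN=." -passin env:password
ECHO:
ECHO:
ECHO Step 3: Self-signing the CA certificate (ca-root-cert.crt).
rem NOTE(review): no -extfile is given here or in step 6, so no basicConstraints or
rem subjectAltName are requested explicitly; which defaults (if any) are added depends on
rem the OpenSSL version -- confirm against the certificate details printed at the end.
rem openssl x509 -req -in ca-cert-request.csr -signkey ca.key -out ca-root-cert.crt -days 365 -sha256
openssl x509 -req -in ca-cert-request.csr -signkey ca.key -out ca-root-cert.crt -days 365 -sha256 -passin env:password
ECHO:
ECHO:
ECHO Step 4: Generating the server private key (server.key).
rem openssl genrsa -out server.key 2048
openssl genrsa -out server.key 2048
ECHO:
ECHO:
ECHO Step 5: Creating the server certificate request with "%commonName%" as the Common Name.
rem openssl req -new -key server.key -out server-cert-request.csr -sha256
openssl req -new -key server.key -out server-cert-request.csr -sha256 -subj "/C=US/ST=UT/L=Nunya/O=Private/CN=%commonName%"
ECHO:
ECHO:
ECHO Step 6: Signing the server certificate (server.crt) with the CA key.
rem openssl x509 -req -in server-cert-request.csr -CA ca-root-cert.crt -CAkey ca.key -CAcreateserial -out server.crt -days 360
openssl x509 -req -in server-cert-request.csr -CA ca-root-cert.crt -CAkey ca.key -CAcreateserial -out server.crt -days 365 -passin env:password
ECHO:
ECHO:
ECHO Here are the details of the server certificate (server.crt):
openssl x509 -text -in server.crt -noout
ECHO:
ECHO:
ECHO Use this command to test against Mosquitto, once it has been configured and started.
ECHO mosquitto_pub -h %commonName% -t mqttsTest42 -p 8883 -m testMessage --cafile "C:\Certificates\ca-root-cert.crt" --cert "C:\Certificates\server.crt" --key "C:\Certificates\server.key"
ECHO If there were no errors, the certificates are now ready to use.
GOTO End1
:No1
ECHO No password was provided!
EXIT /B 1
:No2
ECHO No Common Name (hostname) was provided!
EXIT /B 1
:NoDir
ECHO Could not change into C:\Certificates - nothing was deleted or generated.
EXIT /B 1
:End1
ENDLOCAL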