Skip to content

Instantly share code, notes, and snippets.

@ilyas-it83
Created June 24, 2019 04:27
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save ilyas-it83/b4c1a901565746be0c4aa4113365af2f to your computer and use it in GitHub Desktop.
Create Root and Intermediate Certs for Azure IoT Hub Device Provisioning Service

#Generate Root Certificate key.

openssl genrsa –out RootCA.key 4096 - Private

#Generate Root certificate.

openssl req –new –x509 –days 1826 –key RootCA.key –out RootCA.crt -outform PEM

#Generate Intermediate CA certificate key

openssl genrsa –out IntermediateCA.key 4096

#Generate Intermediate CA CSR.

openssl req –new –key IntermediateCA.key –out IntermediateCA.csr

#Sign the Intermediate CA by the Root CA.

openssl x509 –req –days 1000 –in IntermediateCA.csr –CA RootCA.crt –CAkey RootCA.key –CAcreateserial –out IntermediateCA.crt

#Generate device certificate key

openssl genrsa –out device.key 2048

#Generate device certificate CSR.

openssl req –new –key device.key –out device.csr

#To sign the device certficate with the Intermediate CA.

openssl x509 –req –days 1000 –in device.csr –CA IntermediateCA.crt –CAkey IntermediateCA.key –set_serial 0101 –out device.crt –sha1

#To sign the device certficate with the Root Certificate

openssl x509 –req –days 1000 –in device.csr –CA RootCA.crt –CAkey RootCA.key –set_serial 0101 –out device.crt –sha1

#Create verification key and csr

openssl genrsa -out verification.key 2048 openssl req -new -key verification.key -out verification.csr

#It will prompt for cert fields. #IMPORTANT: The Common Name needs to be your Verification Code (generate and copy that from portal)

Create verification pem

openssl x509 -req -in verification.csr -CA RootCA.crt -CAkey RootCA.key -CAcreateserial -out verification.pem -days 500 -sha256

crt -pem convertion

openssl x509 -in device.crt -out device.pem -outform PEM

openssl pkcs12 -export -out device.pfx -inkey device.key -in device.crt

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment