@suru-dissanaike
Last active March 28, 2024 11:24
Create self-signed certificates for Eclipse Mosquitto MQTT broker
#!/bin/bash
# Uses the bash-only "function name ()" syntax: run it with bash, not sh.

# Address the broker is reached at; used as the CN of every certificate.
IP="192.168.1.22"
SUBJECT_CA="/C=SE/ST=Stockholm/L=Stockholm/O=himinds/OU=CA/CN=$IP"
SUBJECT_SERVER="/C=SE/ST=Stockholm/L=Stockholm/O=himinds/OU=Server/CN=$IP"
SUBJECT_CLIENT="/C=SE/ST=Stockholm/L=Stockholm/O=himinds/OU=Client/CN=$IP"

# Self-signed CA certificate and key (ca.crt, ca.key), valid for 365 days.
# -nodes writes the private key unencrypted.
function generate_CA () {
    echo "$SUBJECT_CA"
    openssl req -x509 -nodes -sha256 -newkey rsa:2048 -subj "$SUBJECT_CA" -days 365 -keyout ca.key -out ca.crt
}

# Server key and CSR, then a server certificate signed by the CA.
function generate_server () {
    echo "$SUBJECT_SERVER"
    openssl req -nodes -sha256 -new -subj "$SUBJECT_SERVER" -keyout server.key -out server.csr
    openssl x509 -req -sha256 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 365
}

# Client key and CSR, then a client certificate signed by the CA.
function generate_client () {
    echo "$SUBJECT_CLIENT"
    openssl req -new -nodes -sha256 -subj "$SUBJECT_CLIENT" -out client.csr -keyout client.key
    openssl x509 -req -sha256 -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 365
}

# Install the CA certificate, server certificate and server key for the broker.
function copy_keys_to_broker () {
    sudo cp ca.crt /etc/mosquitto/certs/
    sudo cp server.crt /etc/mosquitto/certs/
    sudo cp server.key /etc/mosquitto/certs/
}

generate_CA
generate_server
generate_client
copy_keys_to_broker
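
A check worth running on certificates produced this way, as an added example that is not part of the gist: it confirms that a certificate chains to the CA and uses OpenSSL's `-checkip` test, which looks only at subjectAltName entries and not at the CN, to see whether the certificate is valid for the broker IP. The function names, the `/O=example` subjects and the explicit `-newkey rsa:2048` on the server request are assumptions made for this example.

```bash
#!/bin/sh
# Added example, not part of the gist. Function names are chosen here;
# the IP and the openssl options follow the script above.
IP="192.168.1.22"

# Throwaway CA plus server key and CSR, following the script above.
make_ca_and_csr() {  # usage: make_ca_and_csr DIR
    openssl req -x509 -nodes -sha256 -newkey rsa:2048 -days 365 \
        -subj "/O=example/OU=CA/CN=$IP" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    openssl req -new -nodes -sha256 -newkey rsa:2048 \
        -subj "/O=example/OU=Server/CN=$IP" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
}

# Sign the CSR. With a third argument, put that IP in a subjectAltName.
sign_server() {  # usage: sign_server DIR OUT_NAME [SAN_IP]
    if [ -n "${3:-}" ]; then
        printf 'subjectAltName=IP:%s\n' "$3" > "$1/san.ext"
        openssl x509 -req -sha256 -days 365 -in "$1/server.csr" \
            -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
            -extfile "$1/san.ext" -out "$1/$2" 2>/dev/null
    else
        openssl x509 -req -sha256 -days 365 -in "$1/server.csr" \
            -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
            -out "$1/$2" 2>/dev/null
    fi
}

# Succeeds if the certificate chains to the CA.
verify_chain() {  # usage: verify_chain CA_CERT CERT
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds if OpenSSL's own IP check accepts the certificate for this IP.
ip_matches() {  # usage: ip_matches CERT IP
    openssl x509 -in "$1" -noout -checkip "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca_and_csr "$d" && sign_server "$d" plain.crt &&
        sign_server "$d" san.crt "$IP" || { rm -rf "$d"; return 1; }
    for c in plain.crt san.crt; do
        verify_chain "$d/ca.crt" "$d/$c" && chain=ok || chain=FAIL
        ip_matches "$d/$c" "$IP" && san=ok || san=missing
        echo "$c: chain=$chain ip=$san"
    done
    rm -rf "$d"
}
demo
```

Both certificates pass the chain check; only the one signed with the subjectAltName extension passes the IP check.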
@jolugama

Hi, first of all, delete the 'function' words.
Second, it's not working when I restart the service. I don't know why.

@suru-dissanaike
Author

> Hi, first of all, delete the 'function' words.
> Second, it's not working when I restart the service. I don't know why.

Thank you for your feedback; which OS are you running the script from?
I assume you mean mosquitto broker does not work as you expect. What kind of error do you get from your mosquitto log?

@jolugama

jolugama commented Sep 21, 2020

From Ubuntu. Sorry, it works. I called the script with "sh" and not with "bash". Your explanation is perfect. The problem I see is that I use "platformio" to program (esp32 and visual code) and there is no library that works well with "tls", so I will just use password without tls. Thanks for your tutorial and for responding so quickly.

@suru-dissanaike
Author

> From Ubuntu. Sorry, it works. I called the script with "sh" and not with "bash". Your explanation is perfect. The problem I see is that I use "platformio" to program (esp32 and visual code) and there is no library that works well with "tls", so I will just use password without tls. Thanks for your tutorial and for responding so quickly.

I am glad that you got it to work; happy hacking!
