-
-
Save suru-dissanaike/4344f572b14c108fc3312fc4fcc3d138 to your computer and use it in GitHub Desktop.
#!/bin/bash | |
IP="192.168.1.22" | |
SUBJECT_CA="/C=SE/ST=Stockholm/L=Stockholm/O=himinds/OU=CA/CN=$IP" | |
SUBJECT_SERVER="/C=SE/ST=Stockholm/L=Stockholm/O=himinds/OU=Server/CN=$IP" | |
SUBJECT_CLIENT="/C=SE/ST=Stockholm/L=Stockholm/O=himinds/OU=Client/CN=$IP" | |
function generate_CA () { | |
echo "$SUBJECT_CA" | |
openssl req -x509 -nodes -sha256 -newkey rsa:2048 -subj "$SUBJECT_CA" -days 365 -keyout ca.key -out ca.crt | |
} | |
function generate_server () { | |
echo "$SUBJECT_SERVER" | |
openssl req -nodes -sha256 -new -subj "$SUBJECT_SERVER" -keyout server.key -out server.csr | |
openssl x509 -req -sha256 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 365 | |
} | |
function generate_client () { | |
echo "$SUBJECT_CLIENT" | |
openssl req -new -nodes -sha256 -subj "$SUBJECT_CLIENT" -out client.csr -keyout client.key | |
openssl x509 -req -sha256 -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 365 | |
} | |
function copy_keys_to_broker () { | |
sudo cp ca.crt /etc/mosquitto/certs/ | |
sudo cp server.crt /etc/mosquitto/certs/ | |
sudo cp server.key /etc/mosquitto/certs/ | |
} | |
generate_CA | |
generate_server | |
generate_client | |
copy_keys_to_broker | |
Hi, first all, delete 'function' words.
seconds, its not working when i restart the service. I don`t know why.
Thank you for your feedback; which OS are you running the script from?
I assume you mean mosquitto broker does not work as you expect. What kind of error do you get from your mosquitto log?
From Ubuntu. Sorry, it works. It called the script with "sh" and not with "bash". Your explanation is perfect. The problem I see is that I use "platformio" to program (esp32 and visual code) and there is no library that works well with "tls", so I will just use password without tls. Thanks for your tutorial and for responding so quickly.
From Ubuntu. Sorry, it works. It called the script with "sh" and not with "bash". Your explanation is perfect. The problem I see is that I use "platformio" to program (esp32 and visual code) and there is no library that works well with "tls", so I will just use password without tls. Thanks for your tutorial and for responding so quickly.
I am glad that you got it to work; happy hacking!
Hi, first all, delete 'function' words.
seconds, its not working when i restart the service. I don`t know why.