Prerequisites

  • int-openssl.cnf
  • ca-openssl.cnf

...


In each openssl.cnf, modify dir to match its respective absolute path (pwd will show your current working directory).

Root CA

First we create a private key and the root CA certificate.

Code Block
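# Generate a 4096-bit RSA key, encrypted with AES-256 (prompts for a passphrase),
# and make it readable by its owner only.
openssl genrsa -aes256 -out private/ca.key.pem 4096;
chmod 400 private/ca.key.pem;

# Self-sign the root certificate (valid 7300 days) with the v3_ca extensions
# defined in ca-openssl.cnf, then make it read-only.
openssl req -config ca-openssl.cnf \
    -key private/ca.key.pem \
    -new -x509 -days 7300 -sha256 -extensions v3_ca \
    -out certs/ca.cert.pem;
chmod 444 certs/ca.cert.pem;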

Intermediate CA

Next we need to generate an intermediate CA.

...

Code Block
cat intermediate/certs/intermediate.cert.pem \
      certs/ca.cert.pem > intermediate/certs/ca-chain.cert.pem;

chmod 444 intermediate/certs/ca-chain.cert.pem;
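
A way to check that a chain file built in this order actually validates a server certificate, as an added example that is not part of the original page. It builds a throwaway root, intermediate and leaf in a directory you pass in (the file names, subjects, inline config and unencrypted 2048-bit keys are assumptions for the demo) and wraps openssl verify so the result can be tested.

```shell
# Added example: throwaway PKI built only to exercise the chain check.
# File names, subjects and the inline config are constructed for this demo.
set -eu

sign() {  # args: dir, subject name, issuer name, extension section, subject DN
    openssl req -config "$1/demo.cnf" -key "$1/$2.key" -new -subj "$5" \
        -out "$1/$2.csr"
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$3.pem" -CAkey "$1/$3.key" \
        -CAcreateserial -days 1 -sha256 -extfile "$1/demo.cnf" \
        -extensions "$4" -out "$1/$2.pem" 2>/dev/null
}

build_demo_pki() {  # arg: empty working directory
    cat > "$1/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = demo
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:broker.hivemq.local
EOF
    for n in root int leaf; do   # demo keys only: 2048-bit, no passphrase
        openssl genrsa -out "$1/$n.key" 2048 2>/dev/null
    done
    # Self-signed root, same req -x509 form as the page's root CA step.
    openssl req -config "$1/demo.cnf" -key "$1/root.key" -new -x509 -days 1 \
        -sha256 -extensions v3_ca -subj "/CN=Demo Root CA" -out "$1/root.pem"
    sign "$1" int root v3_ca "/CN=Demo Intermediate CA"
    sign "$1" leaf int v3_leaf "/CN=broker.hivemq.local"
    # Chain file in the page's order: intermediate first, then root.
    cat "$1/int.pem" "$1/root.pem" > "$1/ca-chain.pem"
}

# Exit status 0 only if the leaf chains up to a certificate in the trust file.
verify_leaf() {  # args: trust file, leaf, optional untrusted intermediates
    if [ -n "${3:-}" ]; then
        openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
    else
        openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
    fi
}
```

Verification against the root alone fails for the leaf, which is why peers need the intermediate from the chain file. verify_leaf can also be pointed at your own intermediate/certs/ca-chain.cert.pem and a certificate you signed.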

Server Certificate

Next we will be creating a certificate and key for our server, sign it and generate the keystore to be used by HiveMQ. In the following examples, you will need to replace broker.hivemq.local with the FQDN of the individual nodes you are creating these for.

...

Code Block
keytool -import -trustcacerts -alias 'Root CA' -file certs/ca.cert.pem -keystore ../keystores/broker.hivemq.local-truststore.jks;

Client certificates

Now we can start creating certificates which our clients can present to the server while establishing a connection. You may replace client1 with any desired name.

As before, our starting point is to generate a key…

...