How to generate public certificate, private key from root certificate?

I have the root certificate pem file from a Linux server. The application that needs to connect to that server is telling me it needs a publicCert pem file and a privateKey pem file to communicate with the server.

Do I generate these from the root certificate? My thought is that I would feed openssl the path to the root cert and then it would dump out the publicCert/privateKey I want.

I've created the certs on the server as described here. Now I need to install on the downstream device as described here.

The input of client connection I need to use requires these parameters:

connString: 'HostName=foo'
protocol: MQTT
publicKeyCertificateString: certificateString or path to certificate
privateKeyString: keyString or path to key

new DeviceClient(connString, protocol, publicKeyCertificateString, privateKeyString);

  • Cert format: pem
  • Authentication Format: x509

You would only need the Root CA certificate to be available in the trust store of the downstream device. What you seem to be looking to do is mutual authentication. Azure IoT Edge doesn't currently support downstream devices to connect using client certificates (mutual authentication). (Edge device only supports symmetric key authentication but doesn't support x509 certificate authentication). For publishing messages using MQTT, you would need to generate a SAS token for the downstream device and then use it to communicate with IoT Hub (edge device would act as a transparent gateway).
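
The SAS token mentioned in the answer is derived from the downstream device's symmetric key. The following is an added example, not code from the original post or from the Azure SDK; it follows the IoT Hub token layout `SharedAccessSignature sr=...&sig=...&se=...`, and the hub name, device ID and key are constructed sample values. `verify_sas_token` is a hypothetical helper that mirrors the signature and expiry check a receiver performs.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, quote

# Constructed sample values, not real credentials.
RESOURCE_URI = "example-hub.azure-devices.net/devices/downstream-device-1"
DEMO_KEY_B64 = base64.b64encode(b"constructed-demo-key-not-a-secret").decode()


def _sign(encoded_uri, expiry, key_b64):
    # String to sign: URL-encoded resource URI, newline, expiry in Unix seconds.
    to_sign = f"{encoded_uri}\n{expiry}".encode("utf-8")
    digest = hmac.new(base64.b64decode(key_b64), to_sign, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def generate_sas_token(resource_uri, key_b64, ttl_seconds=3600, now=None):
    """Build a device-scoped SAS token signed with the device's symmetric key."""
    expiry = int(time.time() if now is None else now) + ttl_seconds
    encoded_uri = quote(resource_uri, safe="")
    sig = quote(_sign(encoded_uri, expiry, key_b64), safe="")
    return f"SharedAccessSignature sr={encoded_uri}&sig={sig}&se={expiry}"


def verify_sas_token(token, key_b64, now=None):
    """Recompute the signature from sr and se; reject tampered or expired tokens."""
    prefix = "SharedAccessSignature "
    if not token.startswith(prefix):
        return False
    fields = parse_qs(token[len(prefix):])  # also undoes the percent-encoding
    try:
        sr, sig, se = fields["sr"][0], fields["sig"][0], int(fields["se"][0])
    except (KeyError, ValueError):
        return False
    expected = _sign(quote(sr, safe=""), se, key_b64)
    if not hmac.compare_digest(expected.encode(), sig.encode()):  # constant time
        return False
    return (time.time() if now is None else now) < se


if __name__ == "__main__":
    token = generate_sas_token(RESOURCE_URI, DEMO_KEY_B64, ttl_seconds=3600)
    print(token)
    print("valid:", verify_sas_token(token, DEMO_KEY_B64))
```

The expiry is covered by the signature, so a short `ttl_seconds` bounds how long a leaked token stays usable; the symmetric key itself never leaves the device.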
