This tool should speed up X.509 certificate creation for IoT Hub / IoT Central and Device Provisioning Service.
Thanks to Jamie Nguyen's blog for the openssl instructions this tool is based on: https://jamielinux.com/docs/openssl-certificate-authority/introduction.html
Linux (WSL, Ubuntu, etc.) with openssl installed
You can change the defaults for your Distinguished Names (DN) under the [req_distinguished_name] section in openssl.cnf and intermediate/openssl.cnf.
For more information see: https://en.wikipedia.org/wiki/Certificate_signing_request
Use the following Common Name values:
Certificate | Common Name Value |
---|---|
CA | CA |
Intermediate | intermediateCA |
Device | "deviceId" |
Azure Verification | "VerificationCode" |
Clone this repository within a Linux shell.
You have to provide passwords for your private keys and the values for the Distinguished Names (DN).
- For creation of CA and Intermediate you will need to provide passwords as well as the DN information.
./create_ca_and_intermediate.sh
- For creation of the device certificates you need to provide a filename, a password, and the DN information. Try to stick to the rule filename = deviceId = Common Name.
./create_device_cert.sh --filename <filename>
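The rule filename = deviceId = Common Name can be checked before a certificate is uploaded or deployed. The following is an added example, not one of this repository's scripts: it compares a certificate's CN with the expected deviceId and verifies it against a chain file. The function names (`cert_cn`, `check_device_cert`, `make_demo_chain`) and `demo.cnf` are hypothetical, and `make_demo_chain` only builds a constructed throwaway chain to exercise the check.

```bash
#!/bin/sh
# Added example, not part of this repository. Assumes openssl is on PATH.

# Print the subject Common Name of a PEM certificate.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# check_device_cert <cert.pem> <chain.pem> <deviceId>
# Returns 0 only if the CN equals the deviceId and the cert verifies against the chain.
check_device_cert() {
    cn=$(cert_cn "$1")
    if [ "$cn" != "$3" ]; then
        echo "CN '$cn' does not match deviceId '$3'" >&2
        return 1
    fi
    if ! openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
        echo "$1 does not chain to $2" >&2
        return 1
    fi
}

# make_demo_chain <dir> <deviceId>
# Builds a CONSTRUCTED throwaway chain (CA -> intermediateCA -> device) to test
# the check above. Keys are unencrypted and valid for 1 day: never for real devices.
make_demo_chain() (
    set -e
    mkdir -p "$1" && cd "$1"
    printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > demo.cnf
    new_csr() {  # new_csr <name> <CN>: fresh key plus CSR
        openssl req -new -newkey rsa:2048 -nodes -config demo.cnf \
            -subj "/CN=$2" -keyout "$1.key.pem" -out "$1.csr.pem" 2>/dev/null
    }
    new_csr ca CA
    openssl x509 -req -in ca.csr.pem -signkey ca.key.pem -days 1 \
        -extfile demo.cnf -extensions ca -out ca.cert.pem 2>/dev/null
    new_csr intermediate intermediateCA
    openssl x509 -req -in intermediate.csr.pem -CA ca.cert.pem -CAkey ca.key.pem \
        -CAcreateserial -days 1 -extfile demo.cnf -extensions ca \
        -out intermediate.cert.pem 2>/dev/null
    new_csr "$2" "$2"
    openssl x509 -req -in "$2.csr.pem" -CA intermediate.cert.pem \
        -CAkey intermediate.key.pem -CAcreateserial -days 1 \
        -out "$2.cert.pem" 2>/dev/null
    cat intermediate.cert.pem ca.cert.pem > chain.cert.pem
)
```

Against this tool's output, the chain argument would be ./intermediate/certs/iotca-chain.cert.pem; that device certificates are written next to it as <filename>.cert.pem is an assumption based on the azureverify path.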
For the most part you can follow the tutorial provided here: https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-security-x509-get-started
- Certificate .pem file to use
./intermediate/certs/iotca-chain.cert.pem
- Generate the Verification Code and use it as the Common Name when executing
./create_device_cert.sh --filename azureverify
- Upload/Verify with
./intermediate/certs/azureverify.cert.pem
Within your device or device simulation code/containers, use the .pfx files that the scripts generate automatically
./intermediate/pfx/<filename/devicename>.pfx
Modify scripts to enter password / DN info automatically