| 12345678910111213141516171819202122232425262728293031323334353637 |
- #!/usr/bin/env bash
- CFG_DIR=$(dirname "$0")
- CWD=$(pwd)
- cd $CFG_DIR
- clear.sh
- #Selbst signiertes Zertifikat erstellen (CA):
- openssl req -batch -x509 -config openssl.conf -newkey rsa:4096 -sha256 -nodes -out ca.crt -outform PEM
- #Privat Schlüssel und Signier request für Server erstellen (localhost):
- openssl req -batch -config server.conf -newkey rsa:2048 -sha256 -nodes -out server.csr -outform PEM
- #Privat Schlüssel und Signier request für Client erstellen:
- openssl req -batch -config client.conf -newkey rsa:2048 -sha256 -nodes -out client.csr -outform PEM
- #CA Datenbank anlegen (minimal):
- touch index.txt
- #Zertifiakte signieren:
- openssl ca -batch -create_serial -config openssl.conf -policy signing_policy -extensions signing_req -out server.crt -infiles server.csr
- openssl ca -batch -config openssl.conf -policy signing_policy -extensions signing_req -out client.crt -infiles client.csr
- sudo cp -f ca.crt /etc/mosquitto/ca_certificates
- sudo cp -f server.crt /etc/mosquitto/certs
- sudo cp -f server.key /etc/mosquitto/certs
- mkdir -p ./client
- cp -f ca.crt ./client
- cp -f client.crt ./client
- cp -f client.key ./client
- sudo /etc/init.d/mosquitto restart
- cd $CWD
|
