SWRU368C May 2018 – January 2021 CC3100 , CC3100MOD , CC3200 , CC3200MOD
How to generate certificates, public keys, and CAs:
1. Download and install the latest package of OpenSSL (either Windows or Linux).
2. In the installation path \bin library, find openssl.exe.
Private Key
To create a new private key for a certificate, use:
openssl genrsa -out privkey.pem 2048
Notes:
Certificate and CA
The CA (certificate authority) is a self-signed certificate used for signing other certificates.
To generate a CA, use the following command and insert the desired values:
openssl req -new -x509 -days 3650 -key privkey.pem -out root-ca.pem
Several notes about the example:
openssl x509 -in input.crt -inform PEM –out output.crt
-outform DER
To generate a certificate, first prepare the certificate document. Similar to making a CA, fill the desired values such as country code name and so forth with the command:
openssl req -new -key privkey.pem -out cert.pem
The private key is different from the one used for the CA. Each certificate should have its own private key.
After generating a certificate form (also called certificate request), sign it with another certificate. The form is usually signed with the CA, but to make a chain, sign it with another certificate.
To do the signing process use:
openssl x509 -req -days 730 -in cert.pem -CA ca.pem -CAkey CAPrivate.pem -set_serial 01 -out cert.pem
Several notes about the example:
In conclusion, if you want to generate a CA and then a certificate signed by the CA do the following:
How to generate sha1 and sign it with a private key
openssl dgst -sha1 data.txt > hash
To make a sha1 code out of data.txt file, use:
To RSA sign this sha1 code with a private key, use:
openssl dgst –binary –out signature.bin -sha1 -sign privatekey.pem BufferToSign.bin