Overview - Gemalto M2M
Using CA Signed Certificates with AWS and Cinterion ModulesOverviewApplication developer generates its own CA and registers with AWS and use this CA to sign the client Certs for the Cinterion Modules.362624198291Client CAClient Cert1Client Cert nClient …00Client CAClient Cert1Client Cert nClient …References1) 2) 3) AWS IoT Feature “Just In Time Certificate Registration” ()Generate CA Certificate and CA Private Key:# create self-signed root CA with new keyopenssl req -new -x509 -days 3650 -nodes -newkey rsa:2048 -keyout myCA.key -out myCA.crt -subj "/C=DE/ST=Berlin/L=Berlin/O=Demo Organization Ltd./OU=Demo AE Department/CN=myCA admin/emailAddress=myCA@test."openssl x509 -in myCA.crt -out myCA.der -outform DERGenerate Client Certificate and Client Private Key:# create clientEP with new keyopenssl req -new -nodes -newkey rsa:2048 -keyout clientEP.key -out clientEP.csr -subj "/C=DE/ST=Berlin/L=Berlin/O=Demo Organization Ltd./OU=Demo AE Department/CN=clientEP admin/emailAddress=clientEP@test. "# sign clientEP with clientCAopenssl x509 -req -CAkey myCA.key -CA myCA.crt -days 3650 -in clientEP.csr -out clientEP.crt -set_serial 25 -extfile fRegister CA Cert with AWS:To use your own X.509 certificates, you must register a CA certificate with AWS IoT. You must prove you own the private key associated with the CA certificate by creating a private key verification certificate. The CA certificate can then be used to sign device certificates. You can register up to 10 CA certificates with the same subject field and public key per AWS account. This allows you to have more than one CA sign your device certificates.Step 1: Generate a key pair for the private key verification certificateopenssl genrsa -out verificationCert.key 2048Step 2: Copy this registration code2d1c8af7e0b8b42a8141c82d59878a21882f02a9b6cacb70d5150ff3a52332bbStep 3: Create a CSR with this registration codeopenssl req -new -key verificationCert.key -out verificationCert.csrPut the registration code in the Common Name fieldCountry Name (2 letter code) [AU]:State or Province Name (full name) [Some-State]:Locality Name (eg, city) []:Organization Name (eg, company) [Internet Widgits Pty Ltd]:Organizational Unit Name (eg, section) []:Common Name (e.g. server FQDN or YOUR name) []: 2d1c8af7e0b8b42a8141c82d59878a21882f02a9b6cacb70d5150ff3a52332bbEmail Address []:Step 4: Use the CSR that was signed with the CA private key to create a private key verification certificateopenssl x509 -req -in verificationCert.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out verificationCert.crt -days 500 -sha256Step 5: Upload the CA certificate (rootCA.pem)Step 6: Upload the verification certificate (verificationCert.crt)Install the Client Certificates and CA Certificate on the Cinterion Module # create jseccmd: DelAllCertificatesjava -jar jseccmd.jar -cmd DelAllHttpsCertificatesUntrusted > DelAllHttpsCertificatesUntrusted.txt# create jseccmd: HttpsVerifyOnUntrustedjava -jar jseccmd.jar -cmd HttpsVerifyOnUntrusted > HttpsVerifyOnUntrusted.txt# create jseccmd: AddHttpsCertificateUntrustedjava -jar jseccmd.jar -cmd AddHttpsCertificateUntrusted -filename ./myCA.der > AddHttpsCertificateUntrusted.bin# create jseccmd: AddHttpsClientCertificateUntrustedjava -jar jseccmd.jar -cmd AddHttpsClientCertificateUntrusted -filename ./clientEP.crt -keyfilename ./clientEP.key > AddHttpsClientCertificateUntrusted.binInstall “AddHttpsCertificateUntrusted.bin” and “AddHttpsClientCertificateUntrusted.bin” using AT^SJMSEC command.Sample Certs generated and test with AWS and Cinterion Module EHS6EHS6 Concept Board Information:ati1CinterionEHS6REVISION 03.001A-REVISION 00.000.51 ................
................
In order to avoid copyright disputes, this page is only a partial summary.
To fulfill the demand for quickly locating and searching documents.
It is intelligent file search solution for home and business.
Related download
- ec2 hands on workbook amazon s3
- overview gemalto m2m
- discovering cloud services development services and tools
- prohibited items items that often require pre purchase
- industry related technology e commerce amazon s3
- statement of work for web services contract
- remote working policy template amazon web services
- cloud platforms an enterprise oriented overview
- it infrastructure security policy amazon web services
Related searches
- overview of starbucks
- starbucks overview of the company
- overview of photosynthesis
- overview of photosynthesis quizlet
- activity overview of photosynthesis
- brief overview of starbucks
- overview of photosynthesis review worksheet
- overview of philosophers beliefs
- overview of photosynthesis 4.2 answers
- overview of photosynthesis worksheet
- brief overview of a meeting
- section 4.2 overview of photosynthesis