Generating an OpenSSL Certificate

This section describes how to generate a local security certificate for device commissioning in a specified directory. The digital certificate is a local security certificate generated by OpenSSL and applies only to internal tests. During commercial use, replace the digital certificate with a commercial security certificate obtained from a formal certificate authority.

Go to the /usr/local/nginx directory and run the following command to generate an RSA key:

For Nginx installed using the mirror site RPM package on CentOS 7.6 or CentOS 8.1, replace /usr/local/nginx in the following command with /etc/nginx.

       
            cd /usr/local/nginx
openssl genrsa -des3 -out server_2048.key 2048

According to the prompt, you need to enter the password twice. Set the two passwords to the same value. Then the server_2048.key file is generated.

You can run the following command to use the server_2048.key file without a password:

openssl rsa -in server_2048.key -out server_2048.key

Create a certificate signing request (CSR).

       
            openssl req -new -key server_2048.key -out server_2048.csr

Enter the password set in 1. Set Country Name to CN and press Enter for other options. If password-free access is set for the server_2048.key file, you do not need to enter the password.

Rewrite the RSA key.
1

openssl rsa -in server_2048.key -out server_2048.key
Enter the password set in 1. If password-free access is set for the server_2048.key file, you do not need to enter the password.

Generate a certificate.

       
            openssl x509 -req -days 365 -in server_2048.csr -signkey server_2048.key -out server_2048.crt

Parent topic: Running and Verifying Nginx