Generating a Certificate

The digital certificate generated is a local security certificate generated by OpenSSL. This certificate is used only for device commissioning. When the device is put into commercial use, replace it with a commercial security certificate issued by a formal Certificate Authority (CA).

Go to the /usr/local/tengine-nginx directory and generate a key.

       
            cd /usr/local/tengine-nginx
openssl genrsa -des3 -out server_2048.key 2048

The system prompts you to enter the password twice. Set the two passwords to the same value. Then the server_2048.key file is generated.

You can run the following command to enable the file to be used without a password:

         
              openssl rsa -in server_2048.key -out server_2048.key

Create a certificate signing request (CSR).

       
            openssl req -new -key server_2048.key -out server_2048.csr

Enter the password you set in step 1. (If the file is set to be used without a password, you do not need to enter the password.) Set Country Name to CN, and press Enter.

Rewrite the key.
1

openssl rsa -in server_2048.key -out server_2048.key
Enter the password you set in 1. If password-free access is enabled for the file, you do not need to enter the password.

Generate the certificate.

       
            openssl x509 -req -days 365 -in server_2048.csr -signkey server_2048.key -out server_2048.crt

Parent topic: Running and Verifying Tengine