Create a Mutual Authentication root certificate
To configure Mutual Authentication, you need to create a root certificate, which you then use to create and validate client certificates.
Before you begin
- Make sure your environment meets the minimum requirements to complete this procedure. See System requirements.
- Prepare a CA root certificate configuration file.
An example of content in a root.conf file:

    [req]
    default_bits = 2048
    prompt = no
    default_md = sha256
    req_extensions = req_ext
    x509_extensions = v3_ca
    # subject distinguished name
    distinguished_name = dn

    [dn]
    # country
    C = US
    # state
    ST = Massachusetts
    # city
    L = Cambridge
    # organization
    O = Organization
    # organization unit
    OU = IoT
    # email
    emailAddress = test@email.com
    # common name
    CN = www.organization.test.com

    [req_ext]
    # subject alternative name
    subjectAltName = @alt_names
    # netscape comment
    nsComment = "This is netscape comment"

    [ v3_ca ]
    subjectKeyIdentifier=hash
    authorityKeyIdentifier=keyid:always,issuer:always
    basicConstraints = CA:true

    [alt_names]
    DNS.1 = test.example.com
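A pre-flight check for a root.conf like the one above, added here as an example and not part of the original procedure: it confirms that the section named by x509_extensions sets basicConstraints CA:true (without it the certificate cannot act as a signing root) and that the key size and digest are not weak. The function names, the 2048-bit floor and the rejected digest list are assumptions of this example.

```python
import re

WEAK_DIGESTS = {"md5", "sha1"}   # assumption: digests this check rejects
MIN_RSA_BITS = 2048              # assumption: smallest key size accepted

def parse_conf(text):
    """Parse the [section] / key = value layout used by root.conf."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # skip blanks and comments
            continue
        header = re.fullmatch(r"\[\s*(\w+)\s*\]", line)
        if header:                                # "[req]" and "[ v3_ca ]" both match
            current = sections.setdefault(header.group(1), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def lint_root_conf(text):
    """Return the problems that would yield a weak or non-CA root certificate."""
    conf = parse_conf(text)
    req = conf.get("req", {})
    problems = []
    bits = req.get("default_bits", "")
    if not bits.isdigit() or int(bits) < MIN_RSA_BITS:
        problems.append("default_bits missing or below %d" % MIN_RSA_BITS)
    if req.get("default_md", "").lower() in WEAK_DIGESTS:
        problems.append("default_md is a weak digest")
    # x509_extensions names the section applied to the self-signed root.
    ext = conf.get(req.get("x509_extensions", ""), {})
    flags = [f.strip().lower() for f in ext.get("basicConstraints", "").split(",")]
    if "ca:true" not in flags:
        problems.append("x509_extensions section lacks basicConstraints CA:true")
    dn = conf.get(req.get("distinguished_name", ""), {})
    if not dn.get("CN"):
        problems.append("distinguished_name section has no CN")
    return problems

# Constructed sample: the example root.conf reduced to the settings checked here.
SAMPLE = """
[req]
default_bits = 2048
default_md = sha256
x509_extensions = v3_ca
distinguished_name = dn
[dn]
CN = www.organization.test.com
[ v3_ca ]
basicConstraints = CA:true
"""

if __name__ == "__main__":
    print(lint_root_conf(SAMPLE) or "root.conf is usable for a CA root")
```

To check a real file, pass its contents: `lint_root_conf(open("root.conf").read())`.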
All the files used in the task are in the same directory. The commands use these variables for the file names:
- root.conf is the configuration file for the CA root certificate.
- rootCA.crt is the CA root certificate you previously created.
- rootCA.key is the CA root private key that you previously created.