

How create Certificates

1-a) Create Certificate Authority configuration file rootCA.conf that contains:

[ req ]
distinguished_name     = req_distinguished_name
prompt                 = no

[ req_distinguished_name ]              
countryName                     = DE
stateOrProvinceName             = Rheinland-Pfalz
localityName                    = Langmeil
0.organizationName              = MOBOTIX AG
organizationalUnitName          = MX-PKI
commonName                      = MX-RootCA
emailAddress                    = myemail@example.org


Please see rootCA.conf file for example and update the file according your information.

1-b)  Create Certificate Authority: Create root CA & Private key


2- Generate Private key ( for the camera as server)
openssl genrsa -out server.key 2048

3-a)Create Certificate Signing Request Configuration server.csr.conf that contains:

[ req ]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn

[ dn ]
C = My Country Code e.g US, DE, FR, JN
ST = My Province or State 
L = My Town e.g: Tokyo
O = My Company name
OU = Organisation unit
CN = Server hostname e.g: Camera hostname

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = Camera hostname
IP.1 = Camera IP

Please see server.csr.conf file for example and update the file to suit your needs.

3-b) Generate Certificate Signing Request (CSR) Using Server Private Key (for the camera )
openssl req -new -key server.key -out server.csr  -config server.csr.conf

4-a) Create a external file for self signed server.pem.conf that contains (see server.pem.conf for example):

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = Camera hostname

4-b)  Create SSl with self signed CA ( for the camera)
openssl x509 -req  -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.pem -days 365 -sha256 -extfile server.pem.conf
