Create Root and Intermediate Certs for Azure IoT Hub Device Provisioning Service

certs.MD

#Generate Root Certificate key.

openssl genrsa –out RootCA.key 4096 - Private

#Generate Root certificate.

openssl req –new –x509 –days 1826 –key RootCA.key –out RootCA.crt -outform PEM

#Generate Intermediate CA certificate key

openssl genrsa –out IntermediateCA.key 4096

#Generate Intermediate CA CSR.

openssl req –new –key IntermediateCA.key –out IntermediateCA.csr

#Sign the Intermediate CA by the Root CA.

openssl x509 –req –days 1000 –in IntermediateCA.csr –CA RootCA.crt –CAkey RootCA.key –CAcreateserial –out IntermediateCA.crt

#Generate device certificate key

openssl genrsa –out device.key 2048

#Generate device certificate CSR.

openssl req –new –key device.key –out device.csr

#To sign the device certficate with the Intermediate CA.

openssl x509 –req –days 1000 –in device.csr –CA IntermediateCA.crt –CAkey IntermediateCA.key –set_serial 0101 –out device.crt –sha1

#To sign the device certficate with the Root Certificate

openssl x509 –req –days 1000 –in device.csr –CA RootCA.crt –CAkey RootCA.key –set_serial 0101 –out device.crt –sha1

#Create verification key and csr

openssl genrsa -out verification.key 2048 openssl req -new -key verification.key -out verification.csr

#It will prompt for cert fields. #IMPORTANT: The Common Name needs to be your Verification Code (generate and copy that from portal)

Create verification pem

openssl x509 -req -in verification.csr -CA RootCA.crt -CAkey RootCA.key -CAcreateserial -out verification.pem -days 500 -sha256

crt -pem convertion

openssl x509 -in device.crt -out device.pem -outform PEM

openssl pkcs12 -export -out device.pfx -inkey device.key -in device.crt