| Step | OpenSSL Command | Description |
|---|---|---|
| 1. | `openssl genrsa -out ca_key.pem 2048` | Creates the Certificate Authority key necessary to create the RabbitMQ CA bundle in the next command. |
| 2. | `openssl req -x509 -sha256 -new -nodes -key ca_key.pem -days 3650 -out ca_certificate.pem` | Uses the CA key from the previous command to create the RabbitMQ CA bundle file. |
| 3. | `openssl genrsa -out rabbitmq_key.pem 2048` | Creates the RabbitMQ key file necessary to create a signed RabbitMQ certificate. |
| 4. | `openssl req -new -key rabbitmq_key.pem -out rabbitmq.csr` | Creates a certificate signing request (CSR) file necessary to request a new certificate from the Certificate Authority. |
| 5. | `openssl x509 -req -in rabbitmq.csr -CA ca_certificate.pem -CAkey ca_key.pem -CAcreateserial -out rabbitmq_certificate.pem -days 3650 -sha256 -extfile rabbitmq.conf` | Uses the RabbitMQ CSR file, from the previous command, and the rabbitmq.conf configuration file, created in the previous section, to generate the RabbitMQ certificate file. The certificate is signed by the authority in the RabbitMQ CA bundle. |
| 6. | `openssl genrsa -out client_key.pem 2048` | Creates the client key file necessary for peer verification. |
| 7. | `openssl req -new -key client_key.pem -out client.csr` | Creates a certificate signing request (CSR) file necessary to request a new certificate from the Certificate Authority. |
| 8. | `openssl x509 -req -in client.csr -CA ca_certificate.pem -CAkey ca_key.pem -CAcreateserial -out client_certificate.pem -days 3650 -sha256 -extfile client.conf` | Uses the client CSR file, from the previous command, and the client.conf configuration file, created in the previous section, to generate the client certificate file. The certificate is signed by the authority in the RabbitMQ CA bundle. |
| 9. | `openssl pkcs12 -export -in client_certificate.pem -inkey client_key.pem -out client.pkcs12 -password pass:<BrokerSslClientStorePassword>` | Converts the client certificate, created from the previous command, to a PKCS12 format. For the password, use the BrokerSslClientStorePassword that will be listed in the PlatformSettingsConfig section of the platform-settings.json for the ThingWorx server. For more information, see Additional ThingWorx Setup for TLS Connection with RabbitMQ. |
| 10. | `keytool -importcert -keystore BrokerSslServerTrustStore.jks -storepass <BrokerSslServerTrustStorePassword> -file ca_certificate.pem -alias <rabbitmq alias>` | Creates the ThingWorx Truststore file, BrokerSslServerTrustStore.jks, imports the RabbitMQ CA bundle file into the Truststore, and assigns an alias name to the bundle in the Truststore. For the password, use the BrokerSslServerTrustStorePassword that will be listed in the PlatformSettingsConfig section of the platform-settings.json for the ThingWorx server. For more information, see Additional ThingWorx Setup for TLS Connection with RabbitMQ. |

You can use the Property Transform PKCS12 file created during Platform Analytics installation or create a new file.
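
The files produced by steps 1 through 9 can be checked before they are deployed: each certificate should verify against the CA bundle, each key should match its certificate, and the PKCS12 file should open with the configured password. The shell functions below are an added example, not part of the original documentation; the function names and the `P12_PASS` environment variable are assumptions, and the file names are the ones used in the table.

```shell
#!/bin/sh
# Added example: sanity checks for the files produced by steps 1-9.
# Function names and the P12_PASS variable are hypothetical.

# Succeeds if CERT_PEM verifies against the CA certificate CA_PEM.
cert_chains_to_ca() {   # usage: cert_chains_to_ca CA_PEM CERT_PEM
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds if the private key and the certificate carry the same public key.
key_matches_cert() {    # usage: key_matches_cert KEY_PEM CERT_PEM
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Succeeds if the PKCS12 file opens with the password held in the exported
# environment variable P12_PASS (read from the environment, not from argv).
pkcs12_opens() {        # usage: pkcs12_opens P12_FILE
    openssl pkcs12 -in "$1" -noout -passin env:P12_PASS >/dev/null 2>&1
}

# Runs one check, prints its result and records any failure in rc.
run_check() {           # usage: run_check DESCRIPTION COMMAND [ARGS...]
    desc=$1; shift
    if "$@"; then echo "ok   $desc"; else echo "FAIL $desc"; rc=1; fi
}

# Runs every check on the directory that holds the generated files.
# Returns non-zero if any check failed.
check_tls_material() {  # usage: check_tls_material DIR
    dir=$1; rc=0
    for name in rabbitmq client; do
        run_check "${name}_certificate.pem verifies against ca_certificate.pem" \
            cert_chains_to_ca "$dir/ca_certificate.pem" "$dir/${name}_certificate.pem"
        run_check "${name}_key.pem matches ${name}_certificate.pem" \
            key_matches_cert "$dir/${name}_key.pem" "$dir/${name}_certificate.pem"
    done
    run_check "client.pkcs12 opens with P12_PASS" pkcs12_opens "$dir/client.pkcs12"
    return "$rc"
}
```

Export `P12_PASS` with the BrokerSslClientStorePassword value, then call `check_tls_material .` in the directory where the commands were run.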