我正在尝试为此流程创建自动版本https://aws.amazon.com/premiumsupport/knowledge-center/iot-self-signed-certificates/
但是我遇到了一些问题。当我尝试将iot注册码用于命令的CN字段时,我一直收到错误 openssl req -new -key verificationCert.key -out verificationCert.csr -subj" / CN = $ CN"
我无法将已存储注册码的变量附加到CN部分。 当我手动执行此操作时。
- UPDATE -
openssl genrsa -out myRootCA.key 2048
openssl req -x509 -new -nodes -key myRootCA.key -sha256 -days 730 -subj "/C=US/ST=Massachusetts/L=Boston/O=Company/OU=USBDev/CN=CA STG CERT" -out myRootCA.pem
CN=$(aws iot get-registration-code | jq --raw-output .registrationCode)
openssl genrsa -out privateKeyCert.key 2048
openssl req -new -key privateKeyCert.key -subj "/CN=$CN" -out privateKeyCert.csr
openssl x509 -req -in privateKeyCert.csr -CA myRootCA.pem -CAkey myRootCA.key -CAcreateserial -out privateKeyCert.pem -days 730 -sha256
aws iot register-ca-certificate --ca-certificate file://myRootCA.pem --verification-cert file://privateKeyCert.pem
答案 0 :(得分:0)
openssl genrsa -out cacert.key 2048
openssl req -x509 -new -nodes -key cacert.key -sha256 -days 365 -subj "C=US/ST=Massachusetts/L=Boston/O=Zoom Tel/OU=USBSensor iot/CN=CA STG CERT" -out cacert.pem
aws iot get-registration-code
{
"registrationCode": "xxxxxxx"
}
您可以在shell变量中捕获注册码,如下所示:
CN=$(aws iot get-registration-code | jq --raw-output .registrationCode)
请注意,您只需在此处提供CN。没别的。
openssl genrsa -out privateKeyVerification.key 2048
openssl req -new -key privateKeyVerification.key -subj "/CN=$CN" -out privateKeyVerification.csr
openssl x509 -req -in privateKeyVerification.csr -CA cacert.pem -CAkey cacert.key -CAcreateserial -out privateKeyVerification.crt -days 365 -sha256