AWS IoT self-signed certificate script

Time: 2018-03-15 23:47:20

Tags: aws-cli

I am trying to create an automated version of this process: https://aws.amazon.com/premiumsupport/knowledge-center/iot-self-signed-certificates/

But I am running into some problems. When I try to use the IoT registration code for the CN field of the command, I keep getting an error:

openssl req -new -key verificationCert.key -out verificationCert.csr -subj "/CN=$CN"

I can't get the variable that holds the registration code appended to the CN part. When I do this manually.

- UPDATE -

openssl genrsa -out myRootCA.key 2048
openssl req -x509 -new -nodes -key myRootCA.key -sha256 -days 730 -subj "/C=US/ST=Massachusetts/L=Boston/O=Company/OU=USBDev/CN=CA STG CERT" -out myRootCA.pem
CN=$(aws iot get-registration-code | jq --raw-output .registrationCode)
openssl genrsa -out privateKeyCert.key 2048
openssl req -new -key privateKeyCert.key -subj "/CN=$CN" -out privateKeyCert.csr
openssl x509 -req -in privateKeyCert.csr -CA myRootCA.pem -CAkey myRootCA.key -CAcreateserial -out privateKeyCert.pem -days 730 -sha256
aws iot register-ca-certificate --ca-certificate file://myRootCA.pem --verification-cert file://privateKeyCert.pem

1 answer:

Answer 0: (score: 0)

Step 1: Generate the CA key and certificate

openssl genrsa -out cacert.key 2048
openssl req -x509 -new -nodes -key cacert.key -sha256 -days 365 -subj "/C=US/ST=Massachusetts/L=Boston/O=Zoom Tel/OU=USBSensor iot/CN=CA STG CERT" -out cacert.pem

Step 2: Get the registration code to use as the CN

aws iot get-registration-code
{
    "registrationCode": "xxxxxxx"
}

You can capture the registration code in a shell variable like this:

CN=$(aws iot get-registration-code | jq --raw-output .registrationCode)

Step 3: Create the CA certificate (using the registration code)

Note that you only provide the CN here. Nothing else.

openssl genrsa -out privateKeyVerification.key 2048
openssl req -new -key privateKeyVerification.key -subj "/CN=$CN" -out privateKeyVerification.csr
openssl x509 -req -in privateKeyVerification.csr -CA cacert.pem -CAkey cacert.key -CAcreateserial -out privateKeyVerification.crt -days 365 -sha256