Generate Root Certificate for HTTPs Authentication using OpenSSL

SMP default certificates do not work for HTTPs connections. You can use OpenSSL to generate RootCA and corresponding technical certificates for mutual setup or use Internal PKI Server for generating certificates.

Use this Root Certificate for the child/signed certificates to be recognized by the server/client. You need CA Server and Mobile Device Management for certificate distribution. Before proceeding, ensure you have:

  • OpenSSL Software installed. You can use the link to download: https://www.openssl.org/.
  • These details to generate Certificate for SMP Server
    • Country Name—Country where you have the SMP Server
    • State or Province Name
    • Locality Name
    • Organization Unit
    • Organization Unit Name
    • Common Name
    • Email ID – Optional
  • SMP Keystore password
Assumptions
  • You have discussed with Innovapptive and your organization about the HTTPs setup and certificate replacements. You have a backup of the entire SMP Software including certificates. You are aware of OpenSSL standards.
  • Your organization has decided to use OpenSSL certificates instead of your Organizations PKI & RootCA.

If your organization has an internal PKI System, use it to generate the certificates signed by your Organization RootCA.

To create RootCA for SMP using OpenSSL:

  1. Open Command Prompt and navigate to OpenSSL-Win64\bin.
  2. Run these commands:
    1. openssl genrsa -des3 -out RootCertificate.key 2048
      Note: Your password should be same as SMP Keystore Password.
    2. openssl req -new -x509 -days 9999 -key RootCertificate.key -out RootCertificate.crt
    3. openssl genrsa -des3 -out smp.key 2048
    4. openssl req -new -key smp.key -out smp.csr
    5. Openssl x509 -req -days 365 -in smp.csr -CA RootCertificate.crt -CAkey RootCertificate.key-set_serial 01 -out smp.crt
    6. openssl pkcs12 -export -clcerts -in smp.crt -inkey smp.key -out smp.p12