Generate certificates for X509 Authentication

Learn how to generate User Certificate and Technical Certificate and sign it by the Root Certificate.

Same commands are used for both Technical Certificate and User Certificate. You may use the User name of Gateway System while generating the user certificate.

Technical Certificate is used for communication between SMP Server and Gateway Server. This should have the password same as SMP Keystore.

To generate the certificates:

  1. Open Command Prompt and navigate to OpenSSL-Win64\bin.
  2. Run these commands:
    1. Openssl genrsa -des3 -out 4374446.key 2048.
    2. openssl req -new -key 4374446.key -out 4374446.csr
    3. openssl x509 -req -days 365 -in 4374446.csr -CA RootCertificate.crt -CAkey RootCertificate.key -set_serial 01 -out 4374446.crt
    4. openssl pkcs12 -export -clcerts -in 4374446.crt -inkey 4374446.key -out 4374446.p12

    Total Certificates generated for X509:

    • Technical Certificate (Preferred to be a Basis User ID from Gateway).
    • User Certificate (Based on the number of users, you have to generate X number of certificates to be distributed to them. Ensure there are no manual errors).