TLS Certificate Authority using MQTT as transport, mainly for IoT endpoints

joelpmichael/mqtt-ca

MQTT-CA

Not recommended for general consumption

Certificates and Keys Required

Root Certificate

(ref: https://stackoverflow.com/questions/60689653/openssl-eddsa-specify-key-size, https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html)

  1. mkdir /root/mqtt-ca
  2. cd /root/mqtt-ca
  3. mkdir certs crl newcerts private csr
  4. chmod 700 private
  5. touch index.txt
  6. echo 1000 > serial
  7. cat > openssl.cnf (paste the CA configuration; see Configuration Files below)
  8. openssl genpkey -algorithm ed448 -aes256 -out private/root.key
  9. chmod 400 private/root.key
  10. openssl req -config openssl.cnf -key private/root.key -new -x509 -days 10958 -sha3-512 -extensions v3_ca -batch -out certs/root.crt

Sign Certificate

  1. Obtain the CSR on startup of the docker container
  2. cd /root/mqtt-ca
  3. cat > csr/sign.csr (paste the CSR from step 1)
  4. openssl ca -config openssl.cnf -extensions v3_intermediate_ca -days 3650 -notext -md sha3-512 -in csr/sign.csr -out certs/sign.crt

Configuration Files

  1. openssl.cnf: modify req_distinguished_name section
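
The Root Certificate and Sign Certificate procedures above, together with the openssl.cnf that the Configuration Files note says to edit, written up as an added shell example; it is not code from the mqtt-ca repository. The function names (mqtt_ca_init, mqtt_ca_check, mqtt_ca_root_keygen, mqtt_ca_sign) and the openssl.cnf contents are assumptions: the config is modelled on the jamielinux guide linked above and its distinguished-name defaults are placeholders. mqtt_ca_init and mqtt_ca_check need only a POSIX shell; the two openssl functions need an OpenSSL build with Ed448 and SHA3-512 support, exactly as the README's own flags do.

```shell
#!/bin/sh
# Added example, not code from the mqtt-ca repository: the README's
# "Root Certificate" and "Sign Certificate" steps as shell functions.
# The openssl.cnf written below is an assumption modelled on the jamielinux
# guide the README links to; its req_distinguished_name defaults are
# placeholders to edit, as the README's "Configuration Files" note says.
set -eu

# README steps 1-7: directory layout, empty index.txt database, serial
# counter starting at 1000, and an openssl.cnf defining the v3_ca,
# v3_intermediate_ca and req_distinguished_name sections the README uses.
mqtt_ca_init() {
    ca="$1"
    mkdir -p "$ca/certs" "$ca/crl" "$ca/newcerts" "$ca/private" "$ca/csr"
    chmod 700 "$ca/private"                 # only the owner may enter private/
    [ -f "$ca/index.txt" ] || touch "$ca/index.txt"
    [ -f "$ca/serial" ] || echo 1000 > "$ca/serial"
    cat > "$ca/openssl.cnf" <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
dir             = .
certs           = $dir/certs
crl_dir         = $dir/crl
new_certs_dir   = $dir/newcerts
database        = $dir/index.txt
serial          = $dir/serial
private_key     = $dir/private/root.key
certificate     = $dir/certs/root.crt
default_md      = sha3-512
policy          = policy_loose
[ policy_loose ]
countryName             = optional
stateOrProvinceName     = optional
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional
[ req ]
distinguished_name  = req_distinguished_name
string_mask         = utf8only
x509_extensions     = v3_ca
[ req_distinguished_name ]
countryName                 = Country Name (2 letter code)
countryName_default         = AU
organizationName            = Organization Name
organizationName_default    = Example MQTT CA (placeholder)
commonName                  = Common Name
commonName_default          = MQTT-CA Root (placeholder)
[ v3_ca ]
subjectKeyIdentifier    = hash
authorityKeyIdentifier  = keyid:always,issuer
basicConstraints        = critical, CA:true
keyUsage                = critical, digitalSignature, cRLSign, keyCertSign
[ v3_intermediate_ca ]
subjectKeyIdentifier    = hash
authorityKeyIdentifier  = keyid:always,issuer
basicConstraints        = critical, CA:true, pathlen:0
keyUsage                = critical, digitalSignature, cRLSign, keyCertSign
EOF
}

# Sanity check of the layout the README's openssl commands rely on; returns
# non-zero with a message when something the CA needs is missing or too open.
mqtt_ca_check() {
    ca="$1"
    for d in certs crl newcerts private csr; do
        [ -d "$ca/$d" ] || { echo "missing directory $ca/$d" >&2; return 1; }
    done
    for f in index.txt serial openssl.cnf; do
        [ -f "$ca/$f" ] || { echo "missing file $ca/$f" >&2; return 1; }
    done
    [ "$(ls -ld "$ca/private" | cut -c1-10)" = "drwx------" ] ||
        { echo "$ca/private must be mode 700" >&2; return 1; }
    if [ -f "$ca/private/root.key" ]; then
        [ "$(ls -l "$ca/private/root.key" | cut -c1-10)" = "-r--------" ] ||
            { echo "$ca/private/root.key must be mode 400" >&2; return 1; }
    fi
}

# README steps 8-10, unchanged: AES-256-encrypted Ed448 root key (openssl
# prompts for the passphrase) and a self-signed root valid for 10958 days.
# The config's "dir = ." is relative to the CA directory, so cd into it first.
mqtt_ca_root_keygen() {
    ( cd "$1" &&
      openssl genpkey -algorithm ed448 -aes256 -out private/root.key &&
      chmod 400 private/root.key &&
      openssl req -config openssl.cnf -key private/root.key -new -x509 \
          -days 10958 -sha3-512 -extensions v3_ca -batch -out certs/root.crt )
}

# README "Sign Certificate" steps 3-4: the CSR the container produces on
# startup is read from stdin, then issued as an intermediate CA for 3650 days.
mqtt_ca_sign() {
    ( cd "$1" && cat > csr/sign.csr &&
      openssl ca -config openssl.cnf -extensions v3_intermediate_ca -days 3650 \
          -notext -md sha3-512 -in csr/sign.csr -out certs/sign.crt )
}
```

Typical use mirrors the README: `mqtt_ca_init /root/mqtt-ca`, edit the req_distinguished_name defaults, `mqtt_ca_root_keygen /root/mqtt-ca`, then `mqtt_ca_sign /root/mqtt-ca < container.csr` once the container has produced its CSR. `mqtt_ca_check` is worth running before every signing, because `openssl ca` will happily use a world-readable private/ directory.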

Build & Run

  1. docker build --tag mqtt-ca:latest .
  2. docker compose up -d
  3. docker compose down
