好久没更新了,有网友催着后续博客,最近比较忙,先把记得的部分,和一些代码贴出来,供大家参考,若有问题请大家留言,
后面自己再重新弄一遍,再修改整理。
esp8266上证书以*.h格式编译写到flash中,而服务器端格式为*.crt格式,
采用脚本一次生成,代码如下,
makefile.sh
#
# Generate the certificates and keys for testing.
#
PROJECT_NAME="TLS Project"
# Generate the openssl configuration files.
cat > ca_cert.conf << EOF
[ req ]
distinguished_name = req_distinguished_name
prompt = no
[ req_distinguished_name ]
O = $PROJECT_NAME Dodgy Certificate Authority
EOF
cat > certs.conf << EOF
[ req ]
distinguished_name = req_distinguished_name
prompt = no
[ req_distinguished_name ]
O = $PROJECT_NAME
CN = www.***.com
EOF
cat > device_cert.conf << EOF
[ req ]
distinguished_name = req_distinguished_name
prompt = no
[ req_distinguished_name ]
O = $PROJECT_NAME Device Certificate
EOF
# private key generation
openssl genrsa -out TLS.ca_key.pem 1024
openssl genrsa -out TLS.key_1024.pem 1024
openssl genrsa -out TLS.key_DEVICE.pem 1024
# convert private keys into DER format
openssl rsa -in TLS.key_1024.pem -out TLS.key_1024 -outform DER
openssl rsa -in TLS.key_DEVICE.pem -out TLS.key_DEVICE -outform DER
# cert requests
openssl req -out TLS.ca_x509.req -key TLS.ca_key.pem -new \
-config ./ca_cert.conf
openssl req -out TLS.x509_1024.req -key TLS.key_1024.pem -new \
-config ./certs.conf
openssl req -out TLS.x509_DEVICE.req -key TLS.key_DEVICE.pem -new \
-config ./device_cert.conf
# generate the actual certs.
openssl x509 -req -in TLS.ca_x509.req -out TLS.ca_x509.pem \
-sha1 -days 5000 -signkey TLS.ca_key.pem
openssl x509 -req -in TLS.x509_1024.req -out TLS.x509_1024.pem \
-sha1 -CAcreateserial -days 5000 \
-CA TLS.ca_x509.pem -CAkey TLS.ca_key.pem
openssl x509 -req -in TLS.x509_DEVICE.req -out TLS.x509_DEVICE.pem \
-sha1 -CAcreateserial -days 5000 \
-CA TLS.ca_x509.pem -CAkey TLS.ca_key.pem
# some cleanup
rm TLS*.req
rm *.conf
openssl x509 -in TLS.ca_x509.pem -outform DER -out TLS.ca_x509.cer
openssl x509 -in TLS.x509_1024.pem -outform DER -out TLS.x509_1024.cer
openssl x509 -in TLS.x509_DEVICE.pem -outform DER -out TLS.x509_DEVICE.cer
# Generate the certificates and keys for encrypt.
#
# set default cert for use in the client
xxd -i TLS.x509_1024.cer | sed -e \
"s/TLS_x509_DEVICE_cer/default_certificate/" > cert.h
# set default key for use in the DEVICE
xxd -i TLS.key_1024 | sed -e \
"s/TLS_key_DEVICE/default_private_key/" > private_key.h
以上是我修改测试后的脚本makefile.sh内容,在linux下生成证书。
一些细节参照下面博客:
http://blog.csdn.net/houjixin/article/details/24305613