Creare un certificato client utilizzando il certificato CA

Per creare un certificato client utilizzando AWS CLI

1. Genera una coppia di chiavi.

   openssl genrsa -out device_cert_key_filename.key 2048

2. Crea un certificato CSR per il client.

   openssl req -new \
       -key device_cert_key_filename.key \
       -out device_cert_csr_filename.csr

   Ti verrà richiesto di immettere alcune informazioni, come mostrato qui.

   You are about to be asked to enter information that will be incorporated
   into your certificate request.
   What you are about to enter is what is called a Distinguished Name or a DN.
   There are quite a few fields but you can leave some blank
   For some fields there will be a default value,
   If you enter '.', the field will be left blank.
   -----
   Country Name (2 letter code) [AU]:
       State or Province Name (full name) []:
       Locality Name (for example, city) []:
       Organization Name (for example, company) []:
       Organizational Unit Name (for example, section) []:
       Common Name (e.g. server FQDN or YOUR name) []:
       Email Address []:
   
       Please enter the following 'extra' attributes
       to be sent with your certificate request
       A challenge password []:
       An optional company name []:

3. Crea un certificato client daCSR.

   openssl x509 -req \
       -in device_cert_csr_filename.csr \
       -CA root_CA_cert_filename.pem \
       -CAkey root_CA_key_filename.key \
       -CAcreateserial \
       -out device_cert_filename.pem \
       -days 500 -sha256