本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
您可以使用自己的证书颁发机构 (CA) 创建客户端证书。必须先注册客户证书, AWS IoT 然后才能使用。有关客户端证书的注册选项的信息,请参阅注册客户端证书。
创建客户端证书 (CLI)
注意
您无法在 AWS IoT 控制台中执行此过程。
要使用创建客户证书 AWS CLI
-
生成密钥对。
openssl genrsa -outdevice_cert_key_filename.key2048 -
为客户端证书创建 CSR。
openssl req -new \ -keydevice_cert_key_filename.key\ -outdevice_cert_csr_filename.csr系统将提示您输入一些信息,如下所示:
You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]: State or Province Name (full name) []: Locality Name (for example, city) []: Organization Name (for example, company) []: Organizational Unit Name (for example, section) []: Common Name (e.g. server FQDN or YOUR name) []: Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: -
从 CSR 创建客户端证书。
openssl x509 -req \ -indevice_cert_csr_filename.csr\ -CAroot_CA_cert_filename.pem\ -CAkeyroot_CA_key_filename.key\ -CAcreateserial \ -outdevice_cert_filename.pem\ -days 500 -sha256
此时,客户证书已创建,但尚未在中注册 AWS IoT。有关注册客户端证书的方式和时机的信息,请参阅注册客户端证书。
