使用您的憑證授權機構憑證建立用戶端憑證 - AWS IoT Core
建立用戶端憑證 (CLI)

本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。

使用您的憑證授權機構憑證建立用戶端憑證

您可以使用自己的憑證授權機構 (CA) 來建立用戶端憑證。用戶端憑證必須先向 註冊, AWS IoT 才能使用。如需用戶端憑證之註冊選項的詳細資訊,請參閱 註冊用戶端憑證

建立用戶端憑證 (CLI)

注意

您無法在 AWS IoT 主控台中執行此程序。

使用 建立用戶端憑證 AWS CLI

  1. 產生金鑰對。

    openssl genrsa -out device_cert_key_filename.key 2048

  2. 建立用戶端憑證的 CSR。

    openssl req -new \
    -key device_cert_key_filename.key \
    -out device_cert_csr_filename.csr

    將出現提示,要求您輸入一些資訊,如下所示:

    You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
    State or Province Name (full name) []:
    Locality Name (for example, city) []:
    Organization Name (for example, company) []:
    Organizational Unit Name (for example, section) []:
    Common Name (e.g. server FQDN or YOUR name) []:
    Email Address []:

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:

  3. 從 CSR 建立用戶端憑證。

    openssl x509 -req \
    -in device_cert_csr_filename.csr \
    -CA root_CA_cert_filename.pem \
    -CAkey root_CA_key_filename.key \
    -CAcreateserial \
    -out device_cert_filename.pem \
    -days 500 -sha256

此時,用戶端憑證已建立,但尚未註冊 AWS IoT。如需如何和何時註冊用戶端憑證的詳細資訊,請參閱 註冊用戶端憑證