CoAPs
Devices can use secure CoAPs connections to the backend. To use CoAPs, a certificate signed by Lobaro is required.
The setup consists of the following steps:
- Create a Certificate Signing Request (CSR)
- Request a Certificate from Lobaro
- Install the signed Certificate in the Platform
Create a Certificate Signing Request (CSR)
Create Private Key
The key must be created at the Platform server and should never leave the system.
```bash
openssl ecparam -name prime256v1 -genkey -noout -out platform.key
```
Do not send the resulting private key file platform.key to anyone.
Create CSR
The following files need to be created next to the platform.key file.
Create a file named csr-settings.sh with the following content:
```bash
# Settings file for CSR
# Adjust according to server.

# C: Country, 2 letter code, upper case. examples: "DE", "BG", "CH"
export C="DE"

# ST: State or Province Name, e.g. "Hamburg", "Maryland", "Zug"
export ST="Hamburg"

# O: Organisation, e.g.: "Lobaro GmbH", "Example Corp."
export O="Lobaro GmbH"

# CN: Common Name, the Domain the platform runs on, e.g., "platform.lobaro.com"
# Can also be an IP address (only do this in secure environments where the IP will never change, e.g. in your VPN)
export CN="backend.lobaro.com"
```
Create a file named locert-csr.sh with the following content:
```bash
#!/bin/bash

# abort on any error
set -e

# name of the private key file:
KEY="platform.key"
# name of the file the CSR settings are put:
SETTINGS="csr-settings.sh"

function abort {
    echo "Abort."
    exit 1
}

# check if key exists
if [[ ! -f "$KEY" ]]; then
    echo "Key file '$KEY' missing."
    echo "run 'openssl ecparam -name prime256v1 -genkey -noout -out $KEY' to create key."
    echo "run 'openssl ecparam -name prime256v1 -genkey -noout | openssl ec -aes256 -out $KEY' to create encrypted key."
    abort
fi

# check that the key file is an EC private key
if [[ $(file -b "$KEY") != "PEM EC private key" ]]; then
    echo "Key file '$KEY' does not seem to be EC private key."
    abort
fi

# if settings file is missing
if [[ ! -f "$SETTINGS" ]]; then
    echo "csr-settings missing, please create '${SETTINGS}'."
    exit 1
fi

echo "loading CSR settings from ${SETTINGS}"
. "./${SETTINGS}"

# verify settings
GOOD=1
if [[ ! $C =~ ^[A-Z]{2}$ ]]; then
    echo "C must be two upper case letters."
    GOOD=0
fi
if [[ ! $ST =~ ^[^/=]+$ ]]; then
    echo "ST is invalid."
    GOOD=0
fi
if [[ ! $O =~ ^[^/=]+$ ]]; then
    echo "O is invalid."
    GOOD=0
fi
# hyphens are accepted in every label of the name, not only the first
if [[ ! $CN =~ ^[a-z0-9-]+(\.[a-z0-9-]+)+$ ]]; then
    echo "CN is invalid. '${CN}'"
    GOOD=0
fi
if [[ $GOOD != 1 ]]; then
    echo "Please fix ${SETTINGS}."
    abort
fi

# Prepare CSR
SUBJ="/C=${C}/ST=${ST}/O=${O}/CN=${CN}"
echo "Subject is '${SUBJ}'"
CSR="${CN}.csr"

# Generate CSR
echo "Generating CSR in ${CSR}."
openssl req -new -key "$KEY" -sha256 -subj "${SUBJ}" -out "${CSR}"
```
- Execute locert-csr.sh
- Send the created *.csr file to Lobaro.
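Before the CSR is sent, it can be checked against the private key that stays on the server. The following is an added example, not part of Lobaro's documentation: the function name check_csr, the file sample.csr and the domain platform.example.com are assumptions, and it assumes an unencrypted key as created by the command above.

```shell
#!/bin/sh
# Added example: checks on a CSR before it is sent out.
# Usage: check_csr <private key> <csr file> <expected CN>
check_csr() {
    key="$1"; csr="$2"; cn="$3"

    # 1. The file to be sent must not contain private key material.
    if grep -q "PRIVATE KEY" "$csr"; then
        echo "FAIL: '$csr' contains a private key block"; return 1
    fi
    # 2. The CSR self-signature must verify. Match on the message
    #    instead of relying on the exit status alone.
    case "$(openssl req -in "$csr" -noout -verify 2>&1)" in
        *"verify OK"*) ;;
        *) echo "FAIL: CSR self-signature does not verify"; return 1 ;;
    esac
    # 3. The public key in the CSR must belong to the given private key.
    csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$csr_pub" != "$key_pub" ]; then
        echo "FAIL: CSR was not created from '$key'"; return 1
    fi
    # 4. The subject must carry the expected Common Name.
    subj=$(openssl req -in "$csr" -noout -subject -nameopt RFC2253)
    case "$subj" in
        *"CN=${cn},"*|*"CN=${cn}") ;;
        *) echo "FAIL: unexpected subject: $subj"; return 1 ;;
    esac
    echo "OK: '$csr' matches '$key' and CN '$cn'"
}

# Constructed sample run: throwaway keys and CSR in a temp directory.
demo() {
    d=$(mktemp -d) || return 1
    (
        cd "$d" || exit 1
        umask 077
        openssl ecparam -name prime256v1 -genkey -noout -out platform.key
        openssl ecparam -name prime256v1 -genkey -noout -out other.key
        openssl req -new -key platform.key -sha256 -out sample.csr \
            -subj "/C=DE/ST=Hamburg/O=Example Corp./CN=platform.example.com"
        check_csr platform.key sample.csr platform.example.com
        check_csr other.key sample.csr platform.example.com
    )
    rm -rf "$d"
}
demo
```

On the server, the call would be `check_csr platform.key <CN>.csr <CN>` with the CN from csr-settings.sh.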
Request Certificate from Lobaro
Send the CSR to support@lobaro.de to receive a valid certificate for your Server.
Install the signed Certificate in the Platform
Not yet documented. We are happy to help you out via mail and phone.