SETTING UP YOUR OWN CERTIFICATE ON AN AZURE IOT EDGE DEVICE

Create or obtain a root certificate and private key:

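openssl genrsa -out root.key 2048
openssl req -new -key root.key -out root.csr
# Mark the certificate as a CA: x509 -req sets no basicConstraints on its own
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > root.ext
openssl x509 -req -days 365 -in root.csr -signkey root.key -extfile root.ext -out root.crt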

Use the root certificate and private key to generate a certificate authority (CA) certificate and private key:

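openssl genrsa -out ca.key 2048
openssl req -new -key ca.key -out ca.csr
# Without CA:TRUE on ca.crt, chain validation rejects the certificates it issues
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
openssl x509 -req -days 365 -in ca.csr -CA root.crt -CAkey root.key -CAcreateserial -extfile ca.ext -out ca.crt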

Create or obtain a device certificate and private key for your IoT Edge device:

openssl genrsa -out device.key 2048
openssl req -new -key device.key -out device.csr
openssl x509 -req -days 365 -in device.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out device.crt

The device certificate was signed with the CA private key in the previous step. Concatenate it with the CA certificate to generate a certificate chain:

cat device.crt ca.crt > device-chain.pem

Install the root certificate, CA certificate, and device certificate on your IoT Edge device. You can do this by adding them as trusted certificates to the IoT Edge runtime.

On a Linux-based device, you can copy the certificates to the /etc/ssl/certs directory and run the update-ca-certificates command to update the trusted certificates:

sudo cp root.crt /etc/ssl/certs/
sudo cp ca.crt /etc/ssl/certs/
sudo cp device-chain.pem /etc/ssl/certs/
sudo update-ca-certificates
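
A scripted version of the chain-building steps above, added here as an example and not part of the original post: it issues the root, CA and device certificates non-interactively in a scratch directory, then uses openssl verify to confirm that the device certificate chains to the root and that a CA certificate issued without basicConstraints CA:TRUE is rejected. The subject names, the extension values, the plainca/dev2 files and the helper functions issue, verify_chain and key_matches are assumptions made for the example.

```shell
#!/bin/sh
# Added example. Subject names and the plainca/dev2 files are constructed.
umask 077                                   # private keys readable by owner only
WORK=$(mktemp -d) && cd "$WORK" || exit 1   # scratch directory, nothing is installed

# issue NAME SUBJECT SIGNER [EXTENSIONS]: writes NAME.key and NAME.crt.
# SIGNER is "self" or the base name of the issuing CA's .crt/.key pair.
issue() {
    name=$1; subj=$2; signer=$3; ext=${4:-}
    openssl genrsa -out "$name.key" 2048 2>/dev/null || return 1
    openssl req -new -key "$name.key" -subj "$subj" -out "$name.csr" || return 1
    set -- -req -days 365 -in "$name.csr" -out "$name.crt"
    if [ -n "$ext" ]; then                  # x509 -req sets no basicConstraints on its own
        printf '%b\n' "$ext" > "$name.ext"
        set -- "$@" -extfile "$name.ext"
    fi
    if [ "$signer" = self ]; then
        set -- "$@" -signkey "$name.key"
    else
        set -- "$@" -CA "$signer.crt" -CAkey "$signer.key" -CAcreateserial
    fi
    openssl x509 "$@" 2>/dev/null
}

# verify_chain INTERMEDIATE LEAF: succeeds only if LEAF chains to root.crt.
verify_chain() {
    openssl verify -CAfile root.crt -untrusted "$1.crt" "$2.crt" >/dev/null 2>&1
}

# key_matches CERT KEY: succeeds only if KEY is the private key for CERT.
key_matches() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

CA_EXT='basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign'
LEAF_EXT='basicConstraints=critical,CA:FALSE\nkeyUsage=critical,digitalSignature'
issue root    "/CN=Example Root CA"               self    "$CA_EXT"
issue ca      "/CN=Example Issuing CA"            root    "$CA_EXT"
issue device  "/CN=example-edge-device"           ca      "$LEAF_EXT"
issue plainca "/CN=Example CA without extensions" root    # issued with no -extfile
issue dev2    "/CN=example-edge-device-2"         plainca "$LEAF_EXT"

verify_chain ca device      && echo "device: chain verifies against root.crt"
verify_chain plainca dev2   || echo "dev2: rejected, issuer is not marked CA:TRUE"
key_matches device.crt device.key && echo "device.key matches device.crt"
```

Running the same verify_chain and key_matches checks on real files before copying them to a device catches a broken chain or a mismatched key early.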
