本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
使用您的憑證授權機構憑證建立用戶端憑證
您可以使用自己的憑證授權機構 (CA) 來建立用戶端憑證。使用前必須 AWS IoT 先註冊用戶端憑證。如需用戶端憑證之註冊選項的詳細資訊,請參閱 註冊用戶端憑證。
建立用戶端憑證 (CLI)
注意
您無法在 AWS IoT 主控台中執行此程序。
使用建立用戶端憑證 AWS CLI
-
產生金鑰對。
openssl genrsa -outdevice_cert_key_filename.key2048 -
建立用戶端憑證的 CSR。
openssl req -new \ -keydevice_cert_key_filename.key\ -outdevice_cert_csr_filename.csr將出現提示,要求您輸入一些資訊,如下所示:
You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]: State or Province Name (full name) []: Locality Name (for example, city) []: Organization Name (for example, company) []: Organizational Unit Name (for example, section) []: Common Name (e.g. server FQDN or YOUR name) []: Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: -
從 CSR 建立用戶端憑證。
openssl x509 -req \ -indevice_cert_csr_filename.csr\ -CAroot_CA_cert_filename.pem\ -CAkeyroot_CA_key_filename.key\ -CAcreateserial \ -outdevice_cert_filename.pem\ -days 500 -sha256
此時,已建立用戶端憑證,但尚未在中註冊 AWS IoT。如需如何和何時註冊用戶端憑證的詳細資訊,請參閱 註冊用戶端憑證。
