TR069Certificate
Wang Juntao edited this page Feb 12, 2023
·
2 revisions
# 1 Generate CA private key
test -f ca.key || openssl genrsa -out ca.key 4096
# 2 Generate CA certificate
test -f ca.crt || openssl req -x509 -new -nodes -key ca.key -days 3650 -out ca.crt -subj \
"/C=CN/ST=Shanghai/O=teamsacs/CN=TeamsacsCA/emailAddress=master@teamsacs.cc"
# 3 Generate server private key
openssl genrsa -out server.key 2048
# 4 Generate a certificate request file
openssl req -new -key server.key -out server.csr -subj \
"/C=CN/ST=Shanghai/O=teamsacs/CN=*.teamsacs.cc/emailAddress=master@teamsacs.cc"
# 5 Generate a server certificate based on the CA's private key and the above certificate request file
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 7300
cp ca.crt /var/teamsacs/private/ca.crt
cp server.key /var/teamsacs/private/cwmp.tls.key
cp server.crt /var/teamsacs/private/cwmp.tls.crt
It should be noted that the certificate prefix cwmp.tls is fixed, teamsacs program will default to /var/teamsacs/private/ directory, if there is no certificate file, it will create a default certificate file, default certificate file, CN=*.teamsac.cc, May not work in your environment