0

I have a project based on Google Cloud Platform which involves adding Raspberry Pi devices to Google IoT registry. What I need to do is to generate signed certificates both for registry and for devices in order to ensure that fraudulent devices are not registered.

I already tried generating signed X.509 certificates like this:

   openssl req -new -x509 -nodes -days 365 -newkey rsa:2048 -keyout ca.key -out ca.crt

   openssl genrsa -out device.key 2048

   openssl req -new -days 365 -key device.key -out device.csr 

   openssl x509 -req -days 365 -in device.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out device.crt

Notice that when promtped I put additional subj information like name, country, email, organisation which according to other SO question should make it work.

After invoking those commands I end up with following files:

ca.crt     ca.key     ca.srl     device.crt device.csr device.key

So what I would do is to add ca.crt as registry certificate and then when I try to upload device.crt as device certificate (type RS256_X509) I get an error Certificate is not supported by Cloud IoT

What could I be doing wrong? I want to make sure that I create correct certificates and link them to registry and device.

UO Man
  • 153
  • 4
  • 13
  • Have a look at this article I wrote. It was to use Onion's Omega devices but the principles should be the same for your Pi. https://medium.com/google-cloud/google-cloud-iot-core-golang-b130f65951ba – DazWilkin Mar 29 '19 at 00:04
  • I cannot register a device with default subj information, but with `Common Name` set to unused when running `openssl req -new -days 365 -key device.key -out device.csr` and leaving everything else as default, I was able to register a device with your exact same commands. Could you provide more info as to which additional subj information you used? – Alex Hong Mar 29 '19 at 21:26

0 Answers0