Certification Process

May 8th, 2024
  1. PS C:\ncs\v2.6.0\nrf\scripts> python cert_tool.py root_ca
  2. ca/root-ca-key.pem generated successfully!
  3. C:\ncs\v2.6.0\nrf\scripts\cert_tool.py:184: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.now(datetime.UTC).
  4.   .not_valid_before(datetime.datetime.utcnow())
  5. C:\ncs\v2.6.0\nrf\scripts\cert_tool.py:185: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.now(datetime.UTC).
  6.   .not_valid_after(datetime.datetime.utcnow() + datetime.timedelta(days=365))
  7. WARNING: This certificate is for testing purposes only and should not be used in production.
  8. Certificate saved as ca/root-ca-cert.pem
  9. PS C:\ncs\v2.6.0\nrf\scripts> python cert_tool.py sub_ca
  10. ca/sub-ca-key.pem generated successfully!
  11. C:\ncs\v2.6.0\nrf\scripts\cert_tool.py:184: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.now(datetime.UTC).
  12.   .not_valid_before(datetime.datetime.utcnow())
  13. C:\ncs\v2.6.0\nrf\scripts\cert_tool.py:185: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.now(datetime.UTC).
  14.   .not_valid_after(datetime.datetime.utcnow() + datetime.timedelta(days=365))
  15. WARNING: This certificate is for testing purposes only and should not be used in production.
  16. Certificate saved as ca/sub-ca-cert.pem
  17. PS C:\ncs\v2.6.0\nrf\scripts> az iot hub certificate create --hub-name IotHub003 --name test_root_cert --path ca/root-ca-cert.pem
  18. {
  19.   "etag": "IjUxMDUzZjIzLTAwMDAtMDEwMC0wMDAwLTY2M2I1ZmQ2MDAwMCI=",
  20.   "id": "/subscriptions/de121bc4-c0c4-4267-af61-9f5f6cf6c79e/resourceGroups/Dev/providers/Microsoft.Devices/IotHubs/IotHub003/certificates/test_root_cert",
  21.   "name": "test_root_cert",
  22.   "properties": {
  23.     "certificate": "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",
  24.     "created": "2024-05-08T11:19:50+00:00",
  25.     "expiry": "2025-05-08T11:19:03+00:00",
  26.     "isVerified": false,
  27.     "subject": "Test Root CA",
  28.     "thumbprint": "8206C809EC89C9E03227B0F5C425AFD6E99645AB",
  29.     "updated": "2024-05-08T11:19:50+00:00"
  30.   },
  31.   "resourceGroup": "Dev",
  32.   "type": "Microsoft.Devices/IotHubs/Certificates"
  33. }
  34. PS C:\ncs\v2.6.0\nrf\scripts> az iot hub certificate generate-verification-code --hub-name IotHub003 --name test_root_cert --etag "IjUxMDUzZjIzLTAwMDAtMDEwMC0wMDAwLTY2M2I1ZmQ2MDAwMCI="
  35. {
  36.   "etag": "IjUxMDU0NzJmLTAwMDAtMDEwMC0wMDAwLTY2M2I1ZmY1MDAwMCI=",
  37.   "id": "/subscriptions/de121bc4-c0c4-4267-af61-9f5f6cf6c79e/resourceGroups/Dev/providers/Microsoft.Devices/IotHubs/IotHub003/certificates/test_root_cert",
  38.   "name": "test_root_cert",
  39.   "properties": {
  40.     "certificate": "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",
  41.     "created": "2024-05-08T11:19:50+00:00",
  42.     "expiry": "2025-05-08T11:19:03+00:00",
  43.     "isVerified": false,
  44.     "subject": "Test Root CA",
  45.     "thumbprint": "8206C809EC89C9E03227B0F5C425AFD6E99645AB",
  46.     "updated": "2024-05-08T11:20:21+00:00",
  47.     "verificationCode": "56B9A3676CEDA3949119D5D6789F5AE983CE2266415A9468"
  48.   },
  49.   "resourceGroup": "Dev",
  50.   "type": "Microsoft.Devices/IotHubs/Certificates"
  51. }
  52. PS C:\ncs\v2.6.0\nrf\scripts> python cert_tool.py client_key
  53. certs/private-key.pem generated successfully!
  54. PS C:\ncs\v2.6.0\nrf\scripts> cert_tool.py csr --common-name 56B9A3676CEDA3949119D5D6789F5AE983CE2266415A9468
  55. cert_tool.py : The term 'cert_tool.py' is not recognized as the name of a cmdlet, function, script file, or operable program. Check
  56. the spelling of the name, or if a path was included, verify that the path is correct and try again.
  57. At line:1 char:1
  58. + cert_tool.py csr --common-name 56B9A3676CEDA3949119D5D6789F5AE983CE22 ...
  59. + ~~~~~~~~~~~~
  60.     + CategoryInfo          : ObjectNotFound: (cert_tool.py:String) [], CommandNotFoundException
  61.     + FullyQualifiedErrorId : CommandNotFoundException
  62.  
  63.  
  64. Suggestion [3,General]: The command cert_tool.py was not found, but does exist in the current location. Windows PowerShell does not load commands from the current location by default. If you trust this command, instead type: ".\cert_tool.py". See "get-help about_Command_Precedence" for more details.
  65. PS C:\ncs\v2.6.0\nrf\scripts> python cert_tool.py csr --common-name 56B9A3676CEDA3949119D5D6789F5AE983CE2266415A9468
  66. CSR saved as certs/client-csr.pem
  67. PS C:\ncs\v2.6.0\nrf\scripts> python cert_tool.py sign_root
  68. Signing certificate with CN: 56B9A3676CEDA3949119D5D6789F5AE983CE2266415A9468
  69. C:\ncs\v2.6.0\nrf\scripts\cert_tool.py:323: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.now(datetime.UTC).
  70.   .not_valid_before(datetime.datetime.utcnow())
  71. C:\ncs\v2.6.0\nrf\scripts\cert_tool.py:324: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.now(datetime.UTC).
  72.   .not_valid_after(datetime.datetime.utcnow() + datetime.timedelta(days=365))
  73. Signed client certificate saved as certs/client-cert.pem
  74. PS C:\ncs\v2.6.0\nrf\scripts> az iot hub certificate verify --hub-name IotHub003 --name test_root_cert --etag "IjUxMDU0NzJmLTAwMDAtMDEwMC0wMDAwLTY2M2I1ZmY1MDAwMCI="
  75. the following arguments are required: --path/-p
  76.  
  77. Examples from AI knowledge base:
  78. az iot hub certificate verify --hub-name MyIotHub --name MyCertificate --path /certificates/Verification.pem --etag AAAAAAAAAAA=
  79. Verifies ownership of the MyCertificate private key.
  80.  
  81. az iot hub certificate verify --etag AAAAAAAAAAA= --hub-name MyIotHub --name MyCertificate --path /certificates/Verification.pem --resource-group MyResourceGroup --subscription MySubscription
  82. Verifies an Azure IoT Hub certificate (autogenerated)
  83.  
  84. https://aka.ms/cli_ref
  85. Read more about the command in reference docs
  86. PS C:\ncs\v2.6.0\nrf\scripts> az iot hub certificate verify --hub-name IotHub003 --name test_root_cert --etag "IjUxMDU0NzJmLTAwMDAtMDEwMC0wMDAwLTY2M2I1ZmY1MDAwMCI=" --path certs/client-cert.pem
  87. {
  88.   "etag": "IjUxMDVkZjU5LTAwMDAtMDEwMC0wMDAwLTY2M2I2MDZkMDAwMCI=",
  89.   "id": "/subscriptions/de121bc4-c0c4-4267-af61-9f5f6cf6c79e/resourceGroups/Dev/providers/Microsoft.Devices/IotHubs/IotHub003/certificates/test_root_cert",
  90.   "name": "test_root_cert",
  91.   "properties": {
  92.     "certificate": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUIwRENDQVhlZ0F3SUJBZ0lVS1QvMW56elRqZFBvS0VCQjd1S2tvcTJod25jd0NnWUlLb1pJemowRUF3SXcKWGpFTE1Ba0dBMVVFQmhNQ1ZWTXhEVEFMQmdOVkJBZ01CRlJsYzNReERUQUxCZ05WQkFjTUJGUmxjM1F4R2pBWQpCZ05WQkFvTUVWUmxjM1FnVDNKbllXNXBlbUYwYVc5dU1SVXdFd1lEVlFRRERBeFVaWE4wSUZKdmIzUWdRMEV3CkhoY05NalF3TlRBNE1URXhPVEF6V2hjTk1qVXdOVEE0TVRFeE9UQXpXakJlTVFzd0NRWURWUVFHRXdKVlV6RU4KTUFzR0ExVUVDQXdFVkdWemRERU5NQXNHQTFVRUJ3d0VWR1Z6ZERFYU1CZ0dBMVVFQ2d3UlZHVnpkQ0JQY21kaApibWw2WVhScGIyNHhGVEFUQmdOVkJBTU1ERlJsYzNRZ1VtOXZkQ0JEUVRCWk1CTUdCeXFHU000OUFnRUdDQ3FHClNNNDlBd0VIQTBJQUJHMlZrNG9LUk0rQWI4ajcrSy9hOTlBVDNUc2VaQ1R6bmpVV1BnZTZwTXFNcmYzTEJadkIKR1dqc2t2bkVWYldmZVl5d1JMSnpBdE5CRWN1bVBYVWc0RldqRXpBUk1BOEdBMVVkRXdFQi93UUZNQU1CQWY4dwpDZ1lJS29aSXpqMEVBd0lEUndBd1JBSWdGZzJxanBRNms0ZUgyb0lVVklTMUNUUFBJaG4xdDdqOEpVaUxjcng5Cm1lZ0NJRG5UTHl6R1FqaHNoYXVMWkxzbkEyV3FEd0FLYzFLam95dlkwRStGb251KwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==",
  93.     "created": "2024-05-08T11:19:50+00:00",
  94.     "expiry": "2025-05-08T11:19:03+00:00",
  95.     "isVerified": true,
  96.     "subject": "Test Root CA",
  97.     "thumbprint": "8206C809EC89C9E03227B0F5C425AFD6E99645AB",
  98.     "updated": "2024-05-08T11:22:21+00:00"
  99.   },
  100.   "resourceGroup": "Dev",
  101.   "type": "Microsoft.Devices/IotHubs/Certificates"
  102. }
  103. PS C:\ncs\v2.6.0\nrf\scripts> nrfcredstore COM3 list
  104. Secure tag   Key type           SHA
  105. 100          ROOT_CA_CERT       616552BECF388A41B4CF611E19FA29202727801223A49EAAA3B2B870C197E0A8
  106. 955          ROOT_CA_CERT       02D55E6202B89C1060482D1235CF20F1CF52315B6A91027C89CF530B253CA15C
  107. 16842753     ROOT_CA_CERT       0E0A61E2E78D28EEA66B15A9B10C1F4E5E8AD379FEA9131D02EC4A2473F9AB9C
  108. 16842753     CLIENT_CERT        C72403A1C8324338F760D84258CED44CF1C0ECD1D1B302BEE72FFDFCBE68BAF6
  109. 16842753     CLIENT_KEY         43455481E49EC20447B4A49AA774ABDC40064FE0B8E7B96C95BABCBE12339677
  110. 4294967293   NORDIC_ID_ROOT_CA  2C43952EE9E000FF2ACC4E2ED0897C0A72AD5FA72C3D934E81741CBD54F05BD1
  111. 4294967294   DEV_ID_PUB_KEY     690E95A9C1A6EE57F3A2DBE2F4F4E7A8A32B98386AAA5ABD688C8B6132AC8A66
  112. 4294967292   NORDIC_PUB_KEY     2027C4699EAA90A414D33FA81B975C0FDEDEFB04A19CEA1ED43A8876CAD31E89
  113. PS C:\ncs\v2.6.0\nrf\scripts> nrfcredstore COM3 generate 10 certs/client-csr.der
  114. New private key generated in secure tag 10
  115. Wrote CSR in DER format to certs/client-csr.der
  116. PS C:\ncs\v2.6.0\nrf\scripts> openssl req -inform DER -in certs/client-csr.der -outform PEM -out certs/client-csr.pem
  117. PS C:\ncs\v2.6.0\nrf\scripts> python cert_tool.py sign
  118. Signing certificate with CN: 504b4230-3230-4bf4-8073-0f1bd109e9e0
  119. C:\ncs\v2.6.0\nrf\scripts\cert_tool.py:323: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.now(datetime.UTC).
  120.   .not_valid_before(datetime.datetime.utcnow())
  121. C:\ncs\v2.6.0\nrf\scripts\cert_tool.py:324: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.now(datetime.UTC).
  122.   .not_valid_after(datetime.datetime.utcnow() + datetime.timedelta(days=365))
  123. Signed client certificate saved as certs/client-cert.pem
  124. PS C:\ncs\v2.6.0\nrf\scripts> nrfcredstore COM3 write 10 CLIENT_CERT certs/client-cert.pem
  125. PS C:\ncs\v2.6.0\nrf\scripts> az iot hub device-identity create -n IotHub003 -d 504b4230-3230-4bf4-8073-0f1bd109e9e0 --am x509_ca
  126. {
  127.   "authentication": {
  128.     "symmetricKey": {
  129.       "primaryKey": null,
  130.       "secondaryKey": null
  131.     },
  132.     "type": "certificateAuthority",
  133.     "x509Thumbprint": {
  134.       "primaryThumbprint": null,
  135.       "secondaryThumbprint": null
  136.     }
  137.   },
  138.   "capabilities": {
  139.     "iotEdge": false
  140.   },
  141.   "cloudToDeviceMessageCount": 0,
  142.   "connectionState": "Disconnected",
  143.   "connectionStateUpdatedTime": "0001-01-01T00:00:00+00:00",
  144.   "deviceId": "504b4230-3230-4bf4-8073-0f1bd109e9e0",
  145.   "deviceScope": null,
  146.   "etag": "MzM5NzEzNjkw",
  147.   "generationId": "638507642634120452",
  148.   "lastActivityTime": "0001-01-01T00:00:00+00:00",
  149.   "parentScopes": null,
  150.   "status": "enabled",
  151.   "statusReason": null,
  152.   "statusUpdatedTime": "0001-01-01T00:00:00+00:00"
  153. }
  154. PS C:\ncs\v2.6.0\nrf\scripts> nrfcredstore COM3 list
  155. Secure tag   Key type           SHA
  156. 10           CLIENT_CERT        1BCDA20359A508462C65B78A825F8CD236FFC4C90750AE5198A4F36D8911E79F
  157. 10           CLIENT_KEY         06C66275511FC749F0B54AB2E27BA71580C6AF72031DA5A3C03B357C02809BBE
  158. 100          ROOT_CA_CERT       616552BECF388A41B4CF611E19FA29202727801223A49EAAA3B2B870C197E0A8
  159. 955          ROOT_CA_CERT       02D55E6202B89C1060482D1235CF20F1CF52315B6A91027C89CF530B253CA15C
  160. 16842753     ROOT_CA_CERT       0E0A61E2E78D28EEA66B15A9B10C1F4E5E8AD379FEA9131D02EC4A2473F9AB9C
  161. 16842753     CLIENT_CERT        C72403A1C8324338F760D84258CED44CF1C0ECD1D1B302BEE72FFDFCBE68BAF6
  162. 16842753     CLIENT_KEY         43455481E49EC20447B4A49AA774ABDC40064FE0B8E7B96C95BABCBE12339677
  163. 4294967293   NORDIC_ID_ROOT_CA  2C43952EE9E000FF2ACC4E2ED0897C0A72AD5FA72C3D934E81741CBD54F05BD1
  164. 4294967294   DEV_ID_PUB_KEY     690E95A9C1A6EE57F3A2DBE2F4F4E7A8A32B98386AAA5ABD688C8B6132AC8A66
  165. 4294967292   NORDIC_PUB_KEY     2027C4699EAA90A414D33FA81B975C0FDEDEFB04A19CEA1ED43A8876CAD31E89
  166. PS C:\ncs\v2.6.0\nrf\scripts> nrfcredstore COM3 write 10 ROOT_CA_CERT .\DigiCertGlobalRootG2.crt.pem
  167. PS C:\ncs\v2.6.0\nrf\scripts> nrfcredstore COM3 write 11 ROOT_CA_CERT .\BaltimoreCyberTrustRoot.crt.pem
  168. PS C:\ncs\v2.6.0\nrf\scripts> nrfcredstore COM3 list
  169. Secure tag   Key type           SHA
  170. 10           ROOT_CA_CERT       531686021C0FA28F91E3A1F106E7B5A8B889C254020AAFBDFD32C95DE350CE13
  171. 10           CLIENT_CERT        1BCDA20359A508462C65B78A825F8CD236FFC4C90750AE5198A4F36D8911E79F
  172. 10           CLIENT_KEY         06C66275511FC749F0B54AB2E27BA71580C6AF72031DA5A3C03B357C02809BBE
  173. 11           ROOT_CA_CERT       371DE629C252EBED6085B27491EBC43EBC295EE1EEEBB68FDBCE3010B133DBC1
  174. 100          ROOT_CA_CERT       616552BECF388A41B4CF611E19FA29202727801223A49EAAA3B2B870C197E0A8
  175. 955          ROOT_CA_CERT       02D55E6202B89C1060482D1235CF20F1CF52315B6A91027C89CF530B253CA15C
  176. 16842753     ROOT_CA_CERT       0E0A61E2E78D28EEA66B15A9B10C1F4E5E8AD379FEA9131D02EC4A2473F9AB9C
  177. 16842753     CLIENT_CERT        C72403A1C8324338F760D84258CED44CF1C0ECD1D1B302BEE72FFDFCBE68BAF6
  178. 16842753     CLIENT_KEY         43455481E49EC20447B4A49AA774ABDC40064FE0B8E7B96C95BABCBE12339677
  179. 4294967293   NORDIC_ID_ROOT_CA  2C43952EE9E000FF2ACC4E2ED0897C0A72AD5FA72C3D934E81741CBD54F05BD1
  180. 4294967294   DEV_ID_PUB_KEY     690E95A9C1A6EE57F3A2DBE2F4F4E7A8A32B98386AAA5ABD688C8B6132AC8A66
  181. 4294967292   NORDIC_PUB_KEY     2027C4699EAA90A414D33FA81B975C0FDEDEFB04A19CEA1ED43A8876CAD31E89
  182. PS C:\ncs\v2.6.0\nrf\scripts>