Creating OpenSSL Certificates & How to Connect a WizFi210 to an SSL Server

2014. 5. 5. 15:43

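This post is an example of generating certificates with OpenSSL for SSL communication between a PC (SSL server) and an embedded device (WizFi210).
It is divided into two sections: the first explains how to create the certificates with OpenSSL, and the second explains the settings needed for communication between the OpenSSL server and the device.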

Create Root CA Certificate
    1. Create CA Private Key ( pass phrase : password )
        openssl genrsa -des3 -out ca.key 1024

    2. Create CA CSR ( pass phrase : password )
        openssl req -new -key ca.key -out ca.csr

    3. Create Root CA Certificate ( pass phrase : password )
        openssl x509 -req -days 1280 -in ca.csr -signkey ca.key -out ca.crt

    4. Remove the pass phrase from the CA Private Key ( pass phrase : password )
        openssl rsa -in ca.key -out ca_key.pem
          

Create Server Certificate
    1. Create Server Private Key
        openssl genrsa -des3 -out server.key 1024

    2. Create Server CSR
        openssl req -new -key server.key -out server.csr

    3. Create Server Certificate
        openssl x509 -req -in server.csr -out server.crt -CA ca.crt -CAkey ca.key -CAcreateserial -days 365

    4. Remove the pass phrase from the Server Private Key
        openssl rsa -in server.key -out server_key.pem

Create Client Certificate
    1. Create Client Private Key
        openssl genrsa -des3 -out client.key 1024

    2. Create Client CSR
        openssl req -new -key client.key -out client.csr

    3. Create Client Certificate
        openssl x509 -req -in client.csr -out client.crt -CA server.crt -CAkey server.key -CAcreateserial -days 365

    4. Remove the pass phrase from the Client Private Key
        openssl rsa -in client.key -out client_key.pem



Convert PEM to DER
The WizFi210 needs the certificate and key in DER format, so we have to convert them to DER as below.
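
One way to do the PEM-to-DER conversion and confirm the result before loading it onto the module, as an added example that is not from the original post. The helper names, file names and subjects are hypothetical, and the throwaway test keys are 2048-bit and unencrypted (the post uses 1024-bit keys).

```shell
#!/bin/sh
# Added example, not from the original post. Helper names, file names and
# certificate subjects are hypothetical; all key material is constructed.
set -eu

# Convert a PEM certificate and an unencrypted PEM RSA key to DER.
# $1 = cert (PEM), $2 = key (PEM), $3 = output prefix
pem_to_der() {
    openssl x509 -in "$1" -outform DER -out "$3.crt.der"
    openssl rsa -in "$2" -outform DER -out "$3.key.der" 2>/dev/null
}

# Return 0 only if the DER certificate is the same certificate as the PEM one
# and the DER key is the private half of the key in that certificate.
# $1 = cert (PEM), $2 = prefix used with pem_to_der
check_der_pair() {
    fp_pem=$(openssl x509 -in "$1" -noout -fingerprint -sha256)
    fp_der=$(openssl x509 -inform DER -in "$2.crt.der" -noout -fingerprint -sha256)
    [ "$fp_pem" = "$fp_der" ] || return 1
    mod_crt=$(openssl x509 -inform DER -in "$2.crt.der" -noout -modulus)
    mod_key=$(openssl rsa -inform DER -in "$2.key.der" -noout -modulus 2>/dev/null)
    [ "$mod_crt" = "$mod_key" ]
}

# Build a throwaway CA and a client certificate signed by it in directory $1.
# Constructed test material: 2048-bit keys, no pass phrase, 30-day lifetime.
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Root CA" \
        -keyout "$1/ca_key.pem" -out "$1/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-client" \
        -keyout "$1/client_key.pem" -out "$1/client.csr" 2>/dev/null
    openssl x509 -req -in "$1/client.csr" -CA "$1/ca.crt" -CAkey "$1/ca_key.pem" \
        -CAcreateserial -days 30 -out "$1/client.crt" 2>/dev/null
}

# Demo run: convert the client pair and report whether it is consistent.
run_demo() {
    dir=$(mktemp -d)
    make_demo_pair "$dir"
    pem_to_der "$dir/client.crt" "$dir/client_key.pem" "$dir/client"
    check_der_pair "$dir/client.crt" "$dir/client" \
        && result="DER pair OK" || result="DER pair MISMATCH"
    rm -rf "$dir"
    echo "$result"
}

run_demo
```

On OpenSSL 3.x, `openssl rsa` writes private keys in PKCS#8 form unless `-traditional` is given; which DER key encoding the module expects is not stated in this post.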





Run OpenSSL SSL Server
openssl s_server -accept 6000 -cert server.crt -key server.key -CAfile ca.crt -verify 0
( If -verify 0 is not given, the SSL server does not send a Certificate Request. )



Run WizFi210 SSL Client

Register the client certificate on the WizFi210 as below. There are two methods for registering the client certificate.
The first method is to use the WizFi210 AT command ( AT+CERTADD ).
For more information about this command, refer to this document. ( http://wiznet.co.kr/Admin_Root/UpLoad_Files/BoardFiles/WizFi210_PG_V130E.pdf )

The second method is to use WIZSmartScript as below.
This method does the same as the first, but it is easier to use WIZSmartScript.



Connect to SSL Server on WizFi210
The time must be set with the AT+SETTIME command before connecting to the SSL server.


Delete Certificate
This is the method for deleting a certificate on the WizFi210.





