Introduction
In this article, we'll walk through two important steps in the process of securing communication with IoT devices: generating a PEM certificate from an existing certificate and key file, and generating a SHA256 thumbprint for the PEM file using C#.
Example 1. How to Generate a PEM Certificate
To generate a PEM certificate from an existing certificate (.crt) and key (.key), we can use OpenSSL, a powerful tool for managing SSL certificates.
Command to Generate PEM Certificate
openssl pkcs12 -export \
-out client_cert.pem \
-inkey client_key.key \
-in client_certificate.crt
What does this command do?
- -export: Exports the certificate and key into a single file.
- -out client_cert.pem: Specifies the output file (client_cert.pem), which will contain both the certificate and the private key.
- -inkey client_key.key: The path to the private key file.
- -in client_certificate.crt: The path to the certificate file.
After running this command (OpenSSL prompts for an export password that protects the private key), you will have a client_cert.pem file that combines both your certificate and private key. Note that pkcs12 -export writes a binary PKCS#12 (PFX) bundle, not Base64 PEM text, whatever extension you give the output file; tools that expect a genuine PEM file may reject it, so keep the original client_certificate.crt and client_key.key files as well.
Example 2. Generating a Thumbprint in C#
To authenticate a device by its certificate, you might need to generate a thumbprint of that certificate. A thumbprint is the SHA256 hash of the certificate's DER encoding and uniquely identifies it. This is commonly used for device authentication in various applications, including IoT solutions.
Here’s how you can generate a SHA256 thumbprint using C#.
C# Code to Generate a SHA256 Thumbprint
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public class Program
{
    public static string GenerateThumbprint(string certPath)
    {
        // Load the certificate. X509Certificate2 accepts a PEM-encoded certificate
        // file as well as a PKCS#12 (.pfx/.p12) bundle such as the one produced by
        // `openssl pkcs12 -export`; if that bundle was protected with an export
        // password, use new X509Certificate2(certPath, password) instead.
        using (X509Certificate2 cert = new X509Certificate2(certPath))
        {
            // Compute the SHA256 hash of the certificate's DER encoding (cert.RawData).
            // The PEM armour, line breaks and any bundled private key are not part of
            // the thumbprint, so hashing the raw file bytes would give a different value.
            using (SHA256 sha256 = SHA256.Create())
            {
                byte[] hash = sha256.ComputeHash(cert.RawData);
                // Convert the hash into a readable format (hexadecimal)
                return BitConverter.ToString(hash).Replace("-", "");
            }
        }
    }

    public static void Main()
    {
        // Generate the thumbprint for the given certificate file
        string thumbprint = GenerateThumbprint("C:\\certs\\client_cert.pem");
        // Print the thumbprint to the console
        Console.WriteLine("Thumbprint: " + thumbprint);
    }
}
How does this code work?
- new X509Certificate2(certPath): Loads the certificate from the file (PEM or PKCS#12); a second argument supplies the export password if one was set.
- SHA256.Create(): Creates an instance of the SHA256 hashing algorithm.
- sha256.ComputeHash(cert.RawData): Computes the SHA256 hash over the certificate's DER encoding. This is the thumbprint value that openssl x509 -fingerprint -sha256 prints and that device registries such as Azure IoT Hub expect; hashing the whole file with File.ReadAllBytes would include the PEM headers and the private key and would never match it.
- BitConverter.ToString(hash).Replace("-", ""): Converts the hash into a readable string without dashes.
Output
When you run this code, you’ll get output similar to the following: a 64-character hexadecimal string, which is the SHA256 thumbprint of the certificate.
Thumbprint: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
This thumbprint serves as a unique identifier for the certificate and can be used for authentication when establishing secure communication.
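As a language-independent check on which bytes a thumbprint actually covers, here is an added example in Python that is not part of the original article and uses only the standard library. It splits a PEM bundle of the kind built in Example 1 into its blocks, base64-decodes the CERTIFICATE block to DER and hashes that, which is the value openssl x509 -fingerprint -sha256 prints; it also shows that a hash of the whole file changes as soon as the private key is bundled, while the thumbprint does not, and it compares against an expected thumbprint in constant time. The PEM data inside is constructed from placeholder bytes rather than a real certificate, and the function names are my own.

```python
"""Certificate thumbprint over a PEM bundle, using only the standard library.

Added example, not code from the original article. The sample PEM data
below is constructed: its base64 bodies are placeholder bytes, not real
X.509 or PKCS#8 structures, so nothing here parses ASN.1. The point is to
show which bytes a SHA256 thumbprint covers (the certificate's DER encoding)
and which it does not (PEM armour, line breaks, the private key).
"""
import base64
import hashlib
import hmac
import re

# One PEM block: "-----BEGIN <label>-----", base64 body, "-----END <label>-----".
_PEM_BLOCK = re.compile(
    r"-----BEGIN (?P<label>[A-Z ]+)-----(?P<body>.*?)-----END (?P=label)-----",
    re.DOTALL,
)


def pem_block(label: str, der: bytes) -> str:
    """Wrap DER bytes as a PEM block with 64-character base64 lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"


def pem_blocks(pem_text: str) -> list[tuple[str, bytes]]:
    """Return (label, decoded bytes) for every block in a PEM bundle."""
    return [
        (m.group("label"), base64.b64decode("".join(m.group("body").split())))
        for m in _PEM_BLOCK.finditer(pem_text)
    ]


def certificate_der(pem_text: str) -> bytes:
    """DER bytes of the first CERTIFICATE block; key blocks are skipped."""
    for label, der in pem_blocks(pem_text):
        if label == "CERTIFICATE":
            return der
    raise ValueError("no CERTIFICATE block found in PEM input")


def thumbprint_sha256(pem_text: str, colons: bool = False) -> str:
    """SHA256 thumbprint: the hash of the certificate's DER bytes, upper-case hex.

    This is the value `openssl x509 -noout -fingerprint -sha256` prints and the
    value .NET returns from X509Certificate2.GetCertHashString(HashAlgorithmName.SHA256).
    """
    digest = hashlib.sha256(certificate_der(pem_text)).hexdigest().upper()
    if colons:
        return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return digest


def file_hash_sha256(pem_text: str) -> str:
    """SHA256 of the raw file text. Not a thumbprint: it changes with line endings,
    with the order of blocks and with whether the private key is bundled."""
    return hashlib.sha256(pem_text.encode("ascii")).hexdigest().upper()


def thumbprint_matches(pem_text: str, expected: str) -> bool:
    """Constant-time comparison against an expected thumbprint, accepting the
    colon-separated and plain hex spellings in either case."""
    normalised = expected.replace(":", "").upper()
    return hmac.compare_digest(thumbprint_sha256(pem_text), normalised)


# Constructed sample data (placeholders, not real certificate or key bytes).
PLACEHOLDER_CERT_DER = b"constructed placeholder, not a real X.509 certificate " * 3
PLACEHOLDER_KEY_DER = b"constructed placeholder, not a real private key " * 3
CERT_ONLY_PEM = pem_block("CERTIFICATE", PLACEHOLDER_CERT_DER)
BUNDLE_PEM = CERT_ONLY_PEM + pem_block("PRIVATE KEY", PLACEHOLDER_KEY_DER)

if __name__ == "__main__":
    print("thumbprint (cert only): ", thumbprint_sha256(CERT_ONLY_PEM, colons=True))
    print("thumbprint (cert + key):", thumbprint_sha256(BUNDLE_PEM, colons=True))
    print("file hash (cert only):  ", file_hash_sha256(CERT_ONLY_PEM))
    print("file hash (cert + key): ", file_hash_sha256(BUNDLE_PEM))
```

Run against a real bundle by passing the file's text to thumbprint_sha256 and compare the result with openssl x509 -in client_certificate.crt -noout -fingerprint -sha256; the two thumbprint lines printed above are identical, while the two file hashes differ, which is exactly why a device registry cannot accept a hash of the whole file.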
Conclusion
- PEM Certificate: We demonstrated how to generate a PEM certificate using OpenSSL. This certificate contains both the public certificate and the private key.
- Thumbprint: We then showed how to generate a SHA256 thumbprint in C# from the PEM certificate, which is often used for device authentication.
Both the PEM certificate and thumbprint are critical components for securing communication with devices, especially in IoT environments like Azure IoT Hub, where devices must authenticate securely before sending data.
I hope you find this article helpful. In the next article, we will see how to connect an MQTT client.