Self signing CA certificate

To secure communication between the gateway and your server, you will need SSL/TLS certificates. The most robust approach is to use a certificate signed by a trusted Certification Authority. However, for demonstration purposes, we will generate and use self-signed certificates.

Before you start

  • Ensure that OpenSSL is installed on your computer (it is included with Git, so you likely have it already).

  • Register a domain name and point it to the IP address of the server that will receive data from the gateway.

Set up

1. Generate a private key

Open the command line and navigate to the folder where OpenSSL is installed (e.g., Git\usr\bin). Then run:

openssl genrsa -out rootCA.key 2048

This command generates a 2048-bit private key and saves it in a file named rootCA.key in the current directory. This key will later be used to sign all certificates.

2. Create a certificate signing request (CSR)

Run the following command:

openssl req -new -nodes -key rootCA.key -out signing_request.csr

You will be prompted to enter several optional fields, which form the certificate's Distinguished Name (DN). These fields may be left blank.

3. Generate and sign the root certificate

Create a self-signed root certificate using:

openssl x509 -in signing_request.csr -out rootCA.pem -req -signkey rootCA.key -days 365

The -days parameter sets the certificate's validity period (default is 30 days if omitted).

4. Upload the certificate to the gateway

Log in to the Efento Gateway via a web browser and navigate to: Settings → CA certificates

Select rootCA.pem and upload it. Confirm the change by clicking Save.

5. Generate the server certificate and key pair

Generate the server’s key pair and certificate signing request:

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

Important: When prompted, make sure to enter the correct domain name or IP address of your server.

Next, sign the server certificate with the root certificate:

openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 365
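
One way to check the files from steps 1 to 5 before deploying them, as an added example that is not part of the original guide: it verifies that server.crt chains to rootCA.pem, that server.key belongs to server.crt, that the certificate matches the server's domain name, and that it is not about to expire. The function names and the 30-day threshold are assumptions; the file names are the ones used above.

```shell
#!/bin/sh
# Added example: checks for the files produced in steps 1-5 of this page.
# Function names are hypothetical; file names are the ones used above.

# server.crt must chain to rootCA.pem, the CA uploaded to the gateway.
check_chain() {            # $1 = CA certificate, $2 = server certificate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# server.key must be the private key for server.crt (public keys are equal).
check_key_match() {        # $1 = certificate, $2 = private key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# The name entered in step 5 must match the address set on the gateway.
# This handles DNS names; for an IP address use -checkip instead.
check_hostname() {         # $1 = certificate, $2 = DNS name
    openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 |
        grep -q 'does match certificate'
}

# The certificate must still be valid $2 days from now.
check_not_expiring() {     # $1 = certificate, $2 = days
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Run every check on a directory holding rootCA.pem, server.crt, server.key.
check_gateway_certs() {    # $1 = directory, $2 = server DNS name
    rc=0
    check_chain "$1/rootCA.pem" "$1/server.crt" ||
        { echo "FAIL: server.crt is not signed by rootCA.pem" >&2; rc=1; }
    check_key_match "$1/server.crt" "$1/server.key" ||
        { echo "FAIL: server.key does not match server.crt" >&2; rc=1; }
    check_hostname "$1/server.crt" "$2" ||
        { echo "FAIL: server.crt is not valid for $2" >&2; rc=1; }
    check_not_expiring "$1/server.crt" 30 ||
        { echo "FAIL: server.crt expires within 30 days" >&2; rc=1; }
    return "$rc"
}

# Usage: sh check_certs.sh <directory> <server-domain>
if [ "$#" -eq 2 ]; then
    check_gateway_certs "$1" "$2" && echo "all checks passed"
fi
```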

6. Update the server application to support HTTPS

Your server application must support HTTPS communication. How you enable this depends on the programming language and framework you are using.

For example, Python’s Flask framework supports HTTPS natively. Copy server.crt and server.key into your project folder, then update your app.run() call:

app.run(host='0.0.0.0', port=5000, ssl_context=('server.crt', 'server.key'))

This enables encrypted HTTPS communication.

7. Configure the Efento Gateway to use HTTPS

Ethernet gateway

  1. Log in to the gateway and go to: Settings → Server

  2. Enter your server’s domain in Server address, specify the port number, enable TLS, and click Save.

LTE gateway

From this point on, the gateway will send all data using secure HTTPS communication.
