[examples] Added TLS certificates + generation script

Author: c-jimenez

examples/certificates/.gitignore

@@ -0,0 +1,3 @@
+*.param
+*.srl
+*.csr

examples/certificates/README.md

@@ -0,0 +1,11 @@
+# Certificate generation for Open OCPP examples
+
+The **generate_certificates.sh** script allow to generate new certificates.
+
+The following certificates are generated:
+
+* open-ocpp_ca.crt : CA organization certificate
+* open-ocpp_central-system.crt : Central System's certificate
+* open-ocpp_charge-point.crt : Charge Point's certificate
+
+The associated private keys are generated in the .key files.

examples/certificates/generate_certificates.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+echo "Generating private key for CA..."
+openssl ecparam -name prime256v1 -out open-ocpp_ca.param
+openssl ecparam -in open-ocpp_ca.param -genkey -noout -out open-ocpp_ca.key
+echo "Generating certificate for CA..."
+openssl req -new -sha256 -key open-ocpp_ca.key -extensions v3_ca -config open-ocpp_ca.cnf -out open-ocpp_ca.csr
+echo "Self-signing CA certificate..."
+openssl x509 -req -sha256 -days 3650 -in open-ocpp_ca.csr -extensions v3_ca -extfile open-ocpp_ca.cnf -signkey open-ocpp_ca.key -out open-ocpp_ca.crt
+echo ""
+
+echo "Generating private key for Central System..."
+openssl ecparam -name prime256v1 -out open-ocpp_central-system.param
+openssl ecparam -in open-ocpp_central-system.param -genkey -noout -out open-ocpp_central-system.key
+echo "Generating certificate request for Central System..."
+openssl req -new -sha256 -key open-ocpp_central-system.key -extensions v3_ca -config open-ocpp_central-system.cnf -out open-ocpp_central-system.csr
+echo "Signing Central System certificate with CA certificate..."
+openssl x509 -req -sha256 -days 3650 -in open-ocpp_central-system.csr -extensions v3_ca -extfile open-ocpp_central-system.cnf -CA open-ocpp_ca.crt -CAkey open-ocpp_ca.key -CAcreateserial -out open-ocpp_central-system.crt
+echo "Verify certificate chain..."
+openssl verify -verbose -CAfile open-ocpp_ca.crt open-ocpp_central-system.crt
+echo ""
+
+echo "Generating private key for Charge Point..."
+openssl ecparam -name prime256v1 -out open-ocpp_charge-point.param
+openssl ecparam -in open-ocpp_charge-point.param -genkey -noout -out open-ocpp_charge-point.key
+echo "Generating certificate request for Charge Point..."
+openssl req -new -sha256 -key open-ocpp_charge-point.key -extensions v3_ca -config open-ocpp_charge-point.cnf -out open-ocpp_charge-point.csr
+echo "Signing Charge Point certificate with CA certificate..."
+openssl x509 -req -sha256 -days 3650 -in open-ocpp_charge-point.csr -extensions v3_ca -extfile open-ocpp_charge-point.cnf -CA open-ocpp_ca.crt -CAkey open-ocpp_ca.key -CAcreateserial -out open-ocpp_charge-point.crt
+echo "Verify certificate chain..."
+openssl verify -verbose -CAfile open-ocpp_ca.crt open-ocpp_charge-point.crt
+echo ""

examples/certificates/open-ocpp_ca.cnf

@@ -0,0 +1,25 @@
+[req]
+distinguished_name	= req_distinguished_name
+
+# Stop confirmation prompts. All information is contained below.
+prompt			= no
+
+# The extensions to add to a certificate request
+x509_extensions = v3_ca
+
+[req_distinguished_name]
+countryName =            FR
+stateOrProvinceName =    Savoie
+localityName =           Chambery
+organizationName =       Open OCPP
+organizationalUnitName = Examples
+commonName =             Open OCPP Certificate Authority
+emailAddress =           [email protected]
+
+[v3_ca]
+basicConstraints = CA:TRUE
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = localhost
+DNS.2 = IP:127.0.0.1

examples/certificates/open-ocpp_ca.crt

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICfjCCAiSgAwIBAgIUROpklJY2B+02oFHz1MvijdkjtvgwCgYIKoZIzj0EAwIw
+gaMxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIDAZTYXZvaWUxETAPBgNVBAcMCENoYW1i
+ZXJ5MRIwEAYDVQQKDAlPcGVuIE9DUFAxETAPBgNVBAsMCEV4YW1wbGVzMSgwJgYD
+VQQDDB9PcGVuIE9DUFAgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR8wHQYJKoZIhvcN
+AQkBFhBjYUBvcGVuLW9jcHAub3JnMB4XDTIyMDEyNTA4MjQzM1oXDTMyMDEyMzA4
+MjQzM1owgaMxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIDAZTYXZvaWUxETAPBgNVBAcM
+CENoYW1iZXJ5MRIwEAYDVQQKDAlPcGVuIE9DUFAxETAPBgNVBAsMCEV4YW1wbGVz
+MSgwJgYDVQQDDB9PcGVuIE9DUFAgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR8wHQYJ
+KoZIhvcNAQkBFhBjYUBvcGVuLW9jcHAub3JnMFkwEwYHKoZIzj0CAQYIKoZIzj0D
+AQcDQgAEJZAFFCLPK7VimsLANzt6QEVVASRfqG+w6/oiCksM8l5/UkbtMi07Eum9
+IS1opxqsf5dPrGnLVz2wslSEsdHiaqM0MDIwDAYDVR0TBAUwAwEB/zAiBgNVHREE
+GzAZgglsb2NhbGhvc3SCDElQOjEyNy4wLjAuMTAKBggqhkjOPQQDAgNIADBFAiEA
+9Dwgm5x0hw+wRtek9UJ1aJdwmlVgHCeGqFUjwArjn1YCIES6iO0nG+sMMFhWdRHZ
+nmfCimIZKr/bIH6EefWzbg9s
+-----END CERTIFICATE-----

examples/certificates/open-ocpp_ca.key

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIDKwZrJhHkMw8cMAUNRgXzaFKlnimYYY8xB6ifuL/s4OoAoGCCqGSM49
+AwEHoUQDQgAEJZAFFCLPK7VimsLANzt6QEVVASRfqG+w6/oiCksM8l5/UkbtMi07
+Eum9IS1opxqsf5dPrGnLVz2wslSEsdHiag==
+-----END EC PRIVATE KEY-----

examples/certificates/open-ocpp_central-system.cnf

@@ -0,0 +1,25 @@
+[req]
+distinguished_name	= req_distinguished_name
+
+# Stop confirmation prompts. All information is contained below.
+prompt			= no
+
+# The extensions to add to a certificate request
+x509_extensions = v3_ca
+
+[req_distinguished_name]
+countryName =            FR
+stateOrProvinceName =    Savoie
+localityName =           Chambery
+organizationName =       Open OCPP
+organizationalUnitName = Examples
+commonName =             Open OCPP Central System
+emailAddress =           [email protected]
+
+[v3_ca]
+basicConstraints = CA:FALSE
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = localhost
+DNS.2 = IP:127.0.0.1

examples/certificates/open-ocpp_central-system.crt

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICgDCCAiagAwIBAgIUE0SqeLRrvEnH5WWw36XvPEisumMwCgYIKoZIzj0EAwIw
+gaMxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIDAZTYXZvaWUxETAPBgNVBAcMCENoYW1i
+ZXJ5MRIwEAYDVQQKDAlPcGVuIE9DUFAxETAPBgNVBAsMCEV4YW1wbGVzMSgwJgYD
+VQQDDB9PcGVuIE9DUFAgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR8wHQYJKoZIhvcN
+AQkBFhBjYUBvcGVuLW9jcHAub3JnMB4XDTIyMDEyNTA4MjQzM1oXDTMyMDEyMzA4
+MjQzM1owgagxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIDAZTYXZvaWUxETAPBgNVBAcM
+CENoYW1iZXJ5MRIwEAYDVQQKDAlPcGVuIE9DUFAxETAPBgNVBAsMCEV4YW1wbGVz
+MSEwHwYDVQQDDBhPcGVuIE9DUFAgQ2VudHJhbCBTeXN0ZW0xKzApBgkqhkiG9w0B
+CQEWHGNlbnRyYWwuc3lzdGVtQG9wZW4tb2NwcC5vcmcwWTATBgcqhkjOPQIBBggq
+hkjOPQMBBwNCAAR677GKDxt/gxd7ijqSvhF61+ETcNAvleHheWYuMiDQdfkVazz/
+pEBvvyRDiYpL39GyLubcW0cFJY41inripW44ozEwLzAJBgNVHRMEAjAAMCIGA1Ud
+EQQbMBmCCWxvY2FsaG9zdIIMSVA6MTI3LjAuMC4xMAoGCCqGSM49BAMCA0gAMEUC
+IH2UJPDnxHhg6nT/GnW+qIDvas7BSAZMIRQQpzYpxINaAiEA1Xe79Q7BUJ98esNN
+NhtHEYmVcY4Pjzdb6r75m/vjJN4=
+-----END CERTIFICATE-----

examples/certificates/open-ocpp_central-system.key

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIFzxXv+7UwwnKeLgp8IB01r+fs5qAXiqjo8Ji/QJyCMjoAoGCCqGSM49
+AwEHoUQDQgAEeu+xig8bf4MXe4o6kr4RetfhE3DQL5Xh4XlmLjIg0HX5FWs8/6RA
+b78kQ4mKS9/Rsi7m3FtHBSWONYp64qVuOA==
+-----END EC PRIVATE KEY-----

examples/certificates/open-ocpp_charge-point.cnf

@@ -0,0 +1,25 @@
+[req]
+distinguished_name	= req_distinguished_name
+
+# Stop confirmation prompts. All information is contained below.
+prompt			= no
+
+# The extensions to add to a certificate request
+x509_extensions = v3_ca
+
+[req_distinguished_name]
+countryName =            FR
+stateOrProvinceName =    Savoie
+localityName =           Chambery
+organizationName =       Open OCPP
+organizationalUnitName = Examples
+commonName =             Open OCPP Charge Point
+emailAddress =           [email protected]
+
+[v3_ca]
+basicConstraints = CA:FALSE
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = localhost
+DNS.2 = IP:127.0.0.1