Certify is a tool to create and view certificates and can be used to set up a test PKI for secured V2X communication based on TS 103 097 v1.2.1.
You need to enable building this tool explicitly.
cmake -D BUILD_CERTIFY=ON .. in your build directory and rebuild Vanetza.
You should be able to find
bin/certify in your build directory afterwards.
The following section describe how to setup a test PKI. We will generate a root certificate, an authorization authority certificate and an authorization ticket.
New private keys can be generated using
bin/certify generate-key root.key.
The corresponding public key can be extracted using
bin/certify extract-public-key --private-key root.key root.pub, but this step usually isn’t required.
Please generate a
root.key for the root certificate, a
aa.key for the authorization authority and a
ticket.key for the authorization ticket.
Generating Root Certificates
A root certificate can be generated using
bin/certify generate-root --subject-key root.key root.cert.
Generating Authorization Authorities
An authorization authority certificate can be generated using
bin/certify generate-aa --sign-key root.key --sign-cert root.cert --subject-key aa.key aa.cert.
Generating Authorization Tickets
An authorization ticket can be generated using
bin/certify generate-ticket --sign-key aa.key --sign-cert aa.cert --subject-key ticket.key ticket.cert.
If you’re generating a certificate for real V2X hardware, it will likely use a hardware security module (HSM), which will only expose the public key.
You can export the given public key to a file and use
--subject-key also with public keys.
The public key needs to be encoded according to the rules specified by ETSI in TS 103 097 v1.2.1.
This guide only uses the required options.
Further options may be available for certain commands.
bin/certify <command> --help for further information.
This application has been initially developed Niklas Keller.