Generating Encryption Certificate

This chapter introduces how to generate FIRERPA’s encryption certificate. It’s important to note the distinction that this certificate is not the certificate used in man-in-the-middle packet capture. This certificate is used to encrypt the communication traffic between you and the FIRERPA service, preventing unauthorized access to the FIRERPA service and remote desktop on your device, thereby avoiding security risks such as information leakage.

You can find the certificate generation script in the tools directory of the project. The file name is cert.py. You need to install the environment and dependencies in advance. We recommend that you always keep updated to ensure there are no compatibility issues. You can generate a simple encryption certificate using the following command, which will generate a certificate file named mydevice.local.pem.

python3 cert.py mydevice.local

The current directory will also generate root.crt and root.key, which are root certificates. They are not usually used directly, but please keep them safe.

LAMDA SSL CERTIFICATE (CN=mydevice.local,PASSWD=e908d358...)
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA33YUKkfUkLeWtsCe7A1yzIZsqOTd1a8XWr9+Vh0ombOdtnqK...
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIC1DCCAbygAwIBAgIQBKjY0w1FbPJooD5mJ1CWwDANBgkqhkiG9w0BAQsFADAz...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDAzCCAeugAwIBAgIQR9OCJbQGGQT5Pgp7PmLrDTANBgkqhkiG9w0BAQsFADAz...
-----END CERTIFICATE-----

The format of the generated certificate is as shown above. Please do not edit this file yourself. The certificate contains the default remote desktop login password. As long as you apply this encryption certificate to the FIRERPA service, opening the remote desktop again will require using the https method, and you will need to use the PASSWD in the certificate for authorization. SSH will also require you to use this certificate to complete the login.