Generating Service Certificate¶

This chapter describes how to generate a service certificate for FIRERPA. It is important to note that this certificate is different from the one used for man-in-the-middle packet sniffing. This certificate is used to encrypt the communication traffic between you and the FIRERPA service, preventing unauthorized access to the FIRERPA service and Remote Desktop on your device, thus avoiding security risks like information leakage.

You can find the certificate generation script, named cert.py, in the project's tools directory. You need to have the environment and dependencies installed beforehand. We recommend keeping them updated to avoid compatibility issues. You can generate a simple service certificate with the following command, which will create a certificate file named mydevice.local.pem.

python3 cert.py mydevice.local

root.crt and root.key will also be generated in the current directory. These are the root certificates; while not typically used directly, please store them securely.

LAMDA SSL CERTIFICATE (CN=mydevice.local,PASSWD=e908d358...)
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA33YUKkfUkLeWtsCe7A1yzIZsqOTd1a8XWr9+Vh0ombOdtnqK...
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIC1DCCAbygAwIBAgIQBKjY0w1FbPJooD5mJ1CWwDANBgkqhkiG9w0BAQsFADAz...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDAzCCAeugAwIBAgIQR9OCJbQGGQT5Pgp7PmLrDTANBgkqhkiG9w0BAQsFADAz...
-----END CERTIFICATE-----

The format of the generated certificate is shown above. Please do not edit this file yourself. The certificate contains the default Remote Desktop login password. Once you apply this service certificate to the FIRERPA service, you will need to use https to access the Remote Desktop, and you will need to use the PASSWD from the certificate for authorization. SSH will also require this certificate to complete the login.