Hi Free5GC Community,
I’m working on integrating Free5GC with OpenBao (HashiCorp Vault fork) for certificate management and need to understand how the default certificates were generated.
Background:
I’m trying to replicate the certificate structure from https://github.com/free5gc/free5gc/tree/main/cert using OpenBao’s PKI secrets engine. To do this properly, I need to know the exact OpenSSL commands or certificate generation process that was used to create the original certificates.
What I Need:
Could someone from the Free5GC team or community please share:
Root CA generation commands - How was the root CA certificate and private key created?
Network Function certificates - What OpenSSL commands were used to generate the individual NF certificates (amf.pem, nrf.pem, etc.)?
Certificate extensions and parameters - What specific key usage, extended key usage, and other X.509 extensions were applied?
Certificate signing process - How were the NF certificates signed by the root CA?
Example of what I’m looking for:
Something like this for root CA:
openssl genrsa -out rootCA.key 4096
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 3650 \
  -out rootCA.pem -subj "/C=TW/ST=Taiwan/L=Taipei/O=free5GC Project/CN=free5GC Root CA"
And for NF certificates:
openssl genrsa -out nrf.key 2048
openssl req -new -key nrf.key -out nrf.csr -subj "/CN=nrf.free5gc.org"
openssl x509 -req -in nrf.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out nrf.pem
Why This Matters:
Understanding the original certificate generation process will help me:
Configure OpenBao PKI engine with the correct parameters
Ensure OAuth2 token generation works properly with the NRF
Maintain compatibility with Free5GC’s certificate expectations
Automate certificate lifecycle management
Current Issue:
I’m getting OAuth2-related certificate verification errors, and I suspect it’s because my OpenBao-generated certificates don’t match the exact specifications of the original Free5GC certificates.
Any help, documentation links, or insights would be greatly appreciated!
Thanks in advance!
Environment:
Use Case: Enterprise Free5GC deployment with centralized certificate management
Version: Free5GC v3.4.x
Related: PKI, OAuth2, NRF certificate management
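
One way to check whether a certificate issued by another CA carries the same subject and X.509 extensions as a reference certificate, as an added example that is not part of the original post and is not free5GC or OpenBao code. The throwaway CA, the name nrf.example.test and the extension values are constructed for the demo and are not free5GC's actual parameters; cert_profile, same_profile and make_demo_certs are hypothetical helper names.

```shell
#!/bin/sh
# Added example; not free5GC or OpenBao code. All certificates below are constructed.

# Print the fields a relying party typically checks: subject plus selected extensions.
# Needs OpenSSL 1.1.1+ for -ext. "|| true" keeps callers alive when no extension matches.
cert_profile() {
    openssl x509 -in "$1" -noout -subject \
        -ext basicConstraints,keyUsage,extendedKeyUsage,subjectAltName 2>&1 || true
}

# Succeed only when both certificates have an identical profile.
same_profile() {
    [ "$(cert_profile "$1")" = "$(cert_profile "$2")" ]
}

# Build constructed test material in directory $1: a throwaway CA, a "reference"
# leaf with extensions, a "candidate" issued with the same extensions, and a
# "bare" leaf issued without any extension file.
make_demo_certs() {
    d=$1
    printf '%s\n' 'keyUsage = critical, digitalSignature, keyEncipherment' \
        'extendedKeyUsage = serverAuth, clientAuth' \
        'subjectAltName = DNS:nrf.example.test' > "$d/ext.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" -out "$d/ca.pem" \
        -subj "/CN=Demo Root CA" -days 1 2>/dev/null
    for n in reference candidate bare; do
        openssl req -new -newkey rsa:2048 -nodes -keyout "$d/$n.key" -out "$d/$n.csr" \
            -subj "/CN=nrf.example.test" 2>/dev/null
        # Empty ext means "issue without extensions".
        if [ "$n" = bare ]; then ext=; else ext=$d/ext.cnf; fi
        openssl x509 -req -in "$d/$n.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
            -CAcreateserial -days 1 -sha256 ${ext:+-extfile "$ext"} -out "$d/$n.pem" 2>/dev/null
    done
}

demo_dir=$(mktemp -d)
make_demo_certs "$demo_dir"
for c in candidate bare; do
    if same_profile "$demo_dir/reference.pem" "$demo_dir/$c.pem"; then
        echo "$c: profile matches reference"
    else
        echo "$c: profile differs from reference"
        cert_profile "$demo_dir/$c.pem"
    fi
done
rm -rf "$demo_dir"
```

To compare real files, call same_profile with the reference certificate and the newly issued one, and run cert_profile on each to see which field differs.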