certs.txt
identity_admin.jks alias admin password welcome
identity_node1.jks alias node1 password welcome
identity_node2.jks alias node2 password welcome
truststore.jks password welcome
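# Build a private CA plus admin/node1/node2 identities and package them as JKS
# keystores. Start in the directory that should receive identity_*.jks and
# truststore.jks; all key material is created in the keys/ subdirectory.
#
# Expected inside keys/ but not created by these steps: ca.conf (the openssl
# configuration) and the seed file `random` passed to -rand.
#
# Keystore / PKCS#12 password. Defaults to the sample value "welcome" used in
# these notes; override it for anything beyond a local demo. It is handed to
# keytool and openssl through the environment so it does not show up in their
# argument lists (process listing, shell history).
export KEYSTORE_PASS="${KEYSTORE_PASS:-welcome}"

mkdir -p keys
# Everything below uses relative paths (including rm on ../*.jks), so stop if
# the working directory could not be entered.
cd keys || exit 1

# CA private key, passphrase-protected; openssl prompts for the passphrase.
# genrsa requires the key size to be the last argument, so -rand goes first.
openssl genrsa -aes256 -rand random -out ca.key 4096
# Self-signed CA certificate, valid for 3650 days.
openssl req -new -x509 -days 3650 -config ca.conf -key ca.key -out ca.crt
# Empty certificate database and initial serial number for `openssl ca`
# (file names presumably match what ca.conf points at; confirm there).
touch index.txt
echo "01" >> serial.txt

# NOTE: the identity keys below are written unencrypted (-nodes). Keep keys/
# readable by its owner only and out of version control.

# --- admin identity ---
# New 2048-bit key plus CSR. A separate `genrsa` run beforehand is pointless:
# -newkey/-keyout overwrites whatever admin.key already contains.
openssl req -newkey rsa:2048 -nodes -keyout admin.key -out admin.csr -config ca.conf
# Sign the admin request with the CA.
openssl ca -in admin.csr -out admin.pem -keyfile ca.key -cert ca.crt -config ca.conf
# Bundle key and certificate as PKCS#12. The export password must equal the
# -srcstorepass given to keytool below, so both read KEYSTORE_PASS.
openssl pkcs12 -export -inkey admin.key -in admin.pem -out admin.p12 -name admin -passout env:KEYSTORE_PASS
# Replace any previous keystore (-f: no error on the first run).
rm -f ../identity_admin.jks
keytool -importkeystore -destkeystore ../identity_admin.jks -deststorepass:env KEYSTORE_PASS -srckeystore admin.p12 -srcstorepass:env KEYSTORE_PASS -srcstoretype pkcs12
# List the imported entry as a check.
keytool -list -keystore ../identity_admin.jks -storepass:env KEYSTORE_PASS

# --- truststore holding the CA certificate ---
rm -f ../truststore.jks
keytool -import -file ca.crt -alias ca -trustcacerts -keystore ../truststore.jks -storepass:env KEYSTORE_PASS -keypass:env KEYSTORE_PASS

# --- node1.example.com identity ---
openssl req -newkey rsa:2048 -nodes -keyout node1.key -out node1.csr -config ca.conf
# Sign the node1 request with the CA.
openssl ca -in node1.csr -out node1.pem -keyfile ca.key -cert ca.crt -config ca.conf
# Export node1 as PKCS#12, then convert to JKS.
openssl pkcs12 -export -inkey node1.key -in node1.pem -out node1.p12 -name node1 -passout env:KEYSTORE_PASS
rm -f ../identity_node1.jks
keytool -importkeystore -destkeystore ../identity_node1.jks -deststorepass:env KEYSTORE_PASS -srckeystore node1.p12 -srcstorepass:env KEYSTORE_PASS -srcstoretype pkcs12

# --- node2.example.com identity ---
openssl req -newkey rsa:2048 -nodes -keyout node2.key -out node2.csr -config ca.conf
# Sign the node2 request with the CA.
openssl ca -in node2.csr -out node2.pem -keyfile ca.key -cert ca.crt -config ca.conf
# Export node2 as PKCS#12, then convert to JKS.
openssl pkcs12 -export -inkey node2.key -in node2.pem -out node2.p12 -name node2 -passout env:KEYSTORE_PASS
rm -f ../identity_node2.jks
keytool -importkeystore -destkeystore ../identity_node2.jks -deststorepass:env KEYSTORE_PASS -srckeystore node2.p12 -srcstorepass:env KEYSTORE_PASS -srcstoretype pkcs12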