keys
Directory actions
More options
Directory actions
More options
keys
Folders and files
| Name | Name | Last commit date | ||
|---|---|---|---|---|
parent directory.. | ||||
# Commands for Linux # Use Win analogs if you use MS Windows ./ # Cleanup rm -f index.txt.attr index.txt.old serial.old index.txt rm -f ./ca/* rm -f ./client/* rm -f ./client/new/* # Create some files for openssl echo "01" > serial touch index.txt cd ca # CA # Generate CA Cert keytool -genkey -alias myca -keyalg RSA -keypass Passw0rd -storepass Passw0rd -keystore ca_keystore.jks -validity 10950 CN=GS Authority, OU=GS Tech, O=GS, L=SPB, ST=SPB, C=RU # Create PKCS12 keystore and import CA there keytool -importkeystore -srckeystore ca_keystore.jks -destkeystore ca_keystore.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass Passw0rd -deststorepass Passw0rd -srcalias myca -destalias myca -srckeypass Passw0rd -destkeypass Passw0rd -noprompt # Export CA key openssl pkcs12 -in ca_keystore.p12 -nocerts -nodes > ca_pk.pem # Export CA Cert openssl pkcs12 -in ca_keystore.p12 -nokeys -nodes > ca.pem cd ../client # Client # Generate Client Cert keytool -genkey -alias bob -keyalg RSA -keypass Passw0rd -storepass Passw0rd -keystore client_keystore.jks -validity 10949 CN=Bob, OU=GS Clients, O=GS, L=SPB, ST=SPB, C=RU # Create Certificate Sign Request keytool -certreq -alias bob -file bob_csr.pem -keypass Passw0rd -keystore client_keystore.jks -storepass Passw0rd cd .. # Sign Bob's Cert with CA's Cert # openssl config is from openssl.cnf file openssl ca -config ./openssl.cnf -in ./client/bob_csr.pem -out ./client/bob_signed.pem cd client # Cleanup signed Cert openssl x509 -in bob_signed.pem -out bob_signed_x509.pem -outform PEM # Import CA Cert to Client keystore keytool -import -trustcacerts -alias myca -file ../ca/ca.pem -keystore client_keystore.jks -storetype JKS -storepass Passw0rd # Import Signed Bob's cert into Client keystore keytool -import -alias bob -file bob_signed_x509.pem -keystore client_keystore.jks -storetype JKS -storepass Passw0rd cd ../ca # Add CA Cert to Server's cacerts keytool -import -v -trustcacerts -alias myca -file ca.pem -keystore /opt/java/wildfly-8.1.0.Final/standalone/configuration/SSLCertStore.jks -storepass secret cd ../client # Create PKCS12 keystore and import Client keystore into it keytool -importkeystore -srckeystore client_keystore.jks -destkeystore client_keystore.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass Passw0rd -deststorepass Passw0rd # You should import client_keystore.p12 with Bob's signed Cert into your browser # Result: # In Browser: Client signed with CA cert and private key for it # In Server: CA Cert in trusted certs