# COMPLETELY UNSAFE - FOR DEVELOPMENT ONLY
# Run this script from its directory
# all *.p12 passwords are 'demo'
# all *.jks passwords are 'changeit'
# NOTE(review): server.p12 looks like an exception to the *.p12 rule: the
# keytool step further down reads it with -srcstorepass changeit.

# Subject DN used for the demo server certificate.
SERVER_DN='/C=DE/O=Example/OU=Systems/CN=apps.example.com/'
# Base DN for demo users; the user steps append a UID component to it.
USERS_BASE_DN='/DC=com/DC=example/OU=users'

# Make every openssl call read the openssl.cnf in the current directory.
# The path is relative, which is why the script must be run from its own
# directory.
OPENSSL_CONF='./openssl.cnf'
export OPENSSL_CONF
# Create the demo CA with the OpenSSL CA helper script. Later steps read the
# CA certificate from ./CA/cacert.pem.
# NOTE(review): /etc/pki/tls/misc/CA is a distribution-specific location and
# the helper normally prompts interactively. The "openssl ca" step further
# down passes pass:demo, so the CA key pass phrase is presumably 'demo' -
# confirm.
/etc/pki/tls/misc/CA -newca
# Generate the server key pair (newkey.pem, encrypted with pass:demo) and a
# self-signed X.509 certificate (newcrt.pem) valid for 365 days.
# NOTE(review): listing line 17 is absent from this page. SERVER_DN is set
# earlier but not used in any visible line, so a "-subj" argument presumably
# sat between the two lines below - confirm against the repository file.
# NOTE(review): rsa:1024 is below the 2048-bit minimum that current guidance
# and OpenSSL security level 2 require, and pass:demo puts the pass phrase on
# the command line, where it is visible in process listings. OpenSSL also
# accepts env: and file: pass phrase sources.
openssl req -x509 -new -newkey rsa:1024 -extensions server_ext -days 365 \
  -keyout newkey.pem -passout pass:demo -out newcrt.pem
# Bundle the server key, its certificate and the CA certificate into a
# PKCS#12 store under the friendly name "jetty". The key is read with
# pass:demo and the store is protected with pass:changeit.
openssl pkcs12 -export -passin pass:demo -passout pass:changeit \
  -name "jetty" -inkey newkey.pem -in newcrt.pem \
  -certfile ./CA/cacert.pem
# NOTE(review): on this page the command ends in a line continuation and
# listing lines 23-24 are absent. The keytool step that follows reads
# server.p12, so an "-out server.p12" argument presumably followed - confirm
# against the repository file.
# Convert PKCS12 keystore into a JKS keystore
# Copies the "jetty" entry from server.p12 into server.jks. Both store
# passwords are 'changeit', the widely known Java keystore default, and both
# are passed on the command line, so this keystore protects nothing outside
# a development setup.
keytool -importkeystore \
  -srckeystore server.p12 -srcstoretype pkcs12 -srcstorepass changeit \
  -alias jetty -destkeystore server.jks -deststorepass changeit
# Add the CA certificate to server.jks under the alias "CA".
# NOTE(review): no -noprompt is given, so keytool will normally ask for
# confirmation before trusting the certificate. The script is therefore
# interactive at this point.
keytool -importcert -keystore server.jks -storepass changeit \
  -alias CA -file CA/cacert.pem
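# Generate a key pair and a certificate signing request (newcsr.pem) for the
# demo user UID=root under USERS_BASE_DN.
# The -subj value is quoted so the DN always reaches openssl as a single
# argument, even if USERS_BASE_DN is later changed to contain spaces or glob
# characters.
# newkey.pem is the same file name the server step writes, so the server's
# private key file is overwritten here.
# NOTE(review): without -x509 the -days option is ignored by "openssl req".
# The validity period is set by the "openssl ca" step that signs this request.
# NOTE(review): rsa:1024 and the pass:demo pass phrase on the command line are
# what make this material demo-only. Use at least 2048-bit keys and an env: or
# file: pass phrase source for anything else.
openssl req -new -newkey rsa:1024 -extensions user_ext -days 365 \
  -subj "$USERS_BASE_DN/UID=root/" \
  -keyout newkey.pem -passout pass:demo -out newcsr.pem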
# Sign the user request with the demo CA and write the certificate to
# newcrt.pem, replacing the server certificate file of the same name.
#   -preserveDN  keep the DN component order exactly as given in the request
#   -batch       sign without asking for confirmation
#   -passin      pass phrase of the CA private key ('demo')
# The CA key, certificate and signing policy come from the file named by
# OPENSSL_CONF.
openssl ca -preserveDN -batch -passin pass:demo -in newcsr.pem -out newcrt.pem
# Bundle the user's key and signed certificate into a PKCS#12 store under the
# friendly name "root". Both the key and the resulting store use pass:demo.
openssl pkcs12 -export -passin pass:demo -passout pass:demo \
  -name "root" -inkey newkey.pem -in newcrt.pem
# NOTE(review): on this page the command ends in a line continuation and
# listing lines 42-44 are absent, so the remaining arguments (presumably the
# CA certificate and the output file) are not shown - confirm against the
# repository file.
45 #openssl req -new -newkey rsa:1024 -extensions user_ext -days 365 \
46 # -subj $USERS_BASE_DN/UID=demo/ \
47 # -keyout newkey.pem -passout pass:demo -out newcsr.pem
48 #openssl ca -preserveDN -batch -passin pass:demo -in newcsr.pem -out newcrt.pem
49 #openssl pkcs12 -export -passin pass:demo -passout pass:demo \
50 # -name "demo" -inkey newkey.pem -in newcrt.pem \