demo/ssl/ssl.txt

   1 # Password for all users and teh CA is 'demo'
   2 # Password for all key- and truststores is 'changeit'
   3
   4 # Clean
   5 # rm server.*
   6
   7 # Create CA
   8 openssl genrsa -des3 -out ca.key 4096
   9 openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
  10
  11 # Create Keystore and Truststore and add CA to them
  12 keytool -import -keystore server.ts -file ca.crt -alias ArgeoDemoCA
  13 keytool -import -keystore server.ks -file ca.crt -alias ArgeoDemoCA
  14
  15 # Tomcat Server
  16 # (we must use keytool)
  17 keytool -genkey -alias tomcat -keyalg RSA -keysize 4096 -keystore server.ks
  18 keytool -certreq -alias tomcat -keystore server.ks -file tomcat.csr
  19 openssl x509 -req -set_serial 02 -days 3650 -in tomcat.csr -CA ca.crt -CAkey ca.key -out tomcat.crt
  20 keytool -importcert -alias tomcat -keystore server.ks -file tomcat.crt
  21
  22 # Root User
  23 openssl genrsa -des3 -out root@demo.key 4096
  24 openssl req -new -key root@demo.key -out root@demo.csr
  25 openssl x509 -req -set_serial 03 -days 3650 -in root@demo.csr -CA ca.crt -CAkey ca.key -out root@demo.crt
  26 openssl pkcs12 -export -out root@demo.p12 -inkey root@demo.key -in root@demo.crt -certfile ca.crt
  27
  28 # Demo User
  29 openssl genrsa -des3 -out demo@demo.key 4096
  30 openssl req -new -key demo@demo.key -out demo@demo.csr
  31 openssl x509 -req -set_serial 04 -days 3650 -in demo@demo.csr -CA ca.crt -CAkey ca.key -out demo@demo.crt
  32 openssl pkcs12 -export -out demo@demo.p12 -inkey demo@demo.key -in demo@demo.crt -certfile ca.crt