- -name "jetty" -inkey server.key -in server.crt \
- -out server.p12
-
- # Convert PKCS12 keystore into a JKS keystore
-keytool -importkeystore \
- -srckeystore server.p12 -srcstoretype pkcs12 -srcstorepass changeit \
- -alias jetty -destkeystore server.jks -deststorepass changeit
-
-# Import People CA
-keytool -importcert -keystore server.jks -storepass changeit \
- -alias CA -file CA/cacert.pem
-
-openssl req -new -newkey rsa:1024 -extensions server_ext -days 3650 \
- -subj /C=DE/ST=Berlin/O=Example/OU=People/CN=root/ \
- -keyout root.key -passout pass:demo -out root.csr
-openssl ca -batch -passin pass:demo -in root.csr -out root.crt
+ -name "$HOSTNAME" -inkey node_key.pem -in chain.pem \
+ -out node.p12
+
+echo ## Import Certificate Authority into keystore
+keytool -importcert -noprompt -keystore node.p12 -storepass changeit \
+ -alias "rootCA" -file ./rootCA/cacert.pem
+keytool -importcert -noprompt -keystore node.p12 -storepass changeit \
+ -alias "CA" -file ./CA/cacert.pem
+cp node.p12 ../init/node/
+
+echo ## Create 'root' user client certificate
+openssl req -new -newkey rsa:4096 -extensions user_ext \
+ -subj $USERS_BASE_DN/UID=root/ \
+ -keyout newkey.pem -passout pass:demo -out newcsr.pem
+openssl ca -preserveDN -batch -passin pass:demo -in newcsr.pem -out newcrt.pem
+cat newcrt.pem ./CA/cacert.pem ./rootCA/cacert.pem > newchain.pem