From: Mathieu Baudier
Date: Wed, 25 Feb 2015 17:53:46 +0000 (+0000)
Subject: SSL working
X-Git-Tag: argeo-commons-2.1.30~323
X-Git-Url: http://git.argeo.org/?a=commitdiff_plain;h=1741158d97165aae922222c0d75adc7655485218;p=lgpl%2Fargeo-commons.git
SSL working
git-svn-id: https://svn.argeo.org/commons/trunk@7956 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc
---
diff --git a/demo/argeo_node_rap.properties b/demo/argeo_node_rap.properties
index 1593d1180..59267f45e 100644
--- a/demo/argeo_node_rap.properties
+++ b/demo/argeo_node_rap.properties
@@ -14,9 +14,21 @@ org.eclipse.equinox.http.registry,\
 #argeo.node.repo.maxCacheMB=128
-org.osgi.service.http.port=7080
+# HTTP
+org.osgi.service.http.port=7070
 org.eclipse.equinox.http.jetty.log.stderr.threshold=info
+# HTTPS
+org.osgi.service.http.port.secure=7073
+org.eclipse.equinox.http.jetty.https.enabled=true
+org.eclipse.equinox.http.jetty.ssl.keystore=../../ssl/server.jks
+org.eclipse.equinox.http.jetty.ssl.password=changeit
+org.eclipse.equinox.http.jetty.ssl.wantclientauth=true
+
+# In order to configure demo certificates, run:
+# cd ssl; sh ./ssl.sh;
+
+# i18n
 argeo.i18n.availableLocales=en,fr,de,ru,ar
 eclipse.registry.MultiLanguage=true
diff --git a/demo/ssl/ssl.sh b/demo/ssl/ssl.sh
index 95bb2320a..43c569ba9 100644
--- a/demo/ssl/ssl.sh
+++ b/demo/ssl/ssl.sh
@@ -1,5 +1,8 @@
 #!/bin/sh
+# COMPLETELY UNSAFE - FOR DEVELOPMENT ONLY
+# Run this script from its directory
+
 export OPENSSL_CONF=./openssl.cnf
 export CATOP=./CA
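Review bot: `org.eclipse.equinox.http.jetty.ssl.wantclientauth=true` in the new HTTPS block only requests a client certificate, so a client that presents none still completes the handshake, and the HTTP port 7070 set just above appears to stay open alongside 7073. If the demo is meant to show certificate login, the block should say so, for example `# client certificate is optional here; org.eclipse.equinox.http.jetty.ssl.needclientauth=true would require one`. It would also help to mark the keystore values as throwaway with `# demo keystore and password generated by ssl/ssl.sh - replace both outside development`. The keystore path `../../ssl/server.jks` is relative, so it presumably resolves against the directory the node is launched from; a one-line comment naming that directory would save the next reader a failed start.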
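Review bot: The added comment `# Run this script from its directory` states a requirement that nothing in the script enforces, while the `export OPENSSL_CONF=./openssl.cnf` and `export CATOP=./CA` lines right below depend on it. Started from anywhere else, openssl would look for its config and CA directory relative to the caller's working directory. A guard directly after the comment makes the requirement hold: `cd "$(dirname "$0")" || exit 1`.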
@@ -7,30 +10,41 @@ export CATOP=./CA
 openssl req -x509 -new -newkey rsa:1024 -extensions server_ext -days 3650 \
 -subj /C=DE/ST=Berlin/O=Example/OU=Systems/CN=localhost/ \
- -keyout server.key -passout pass:demo -out server.crt
+ -keyout newkey.pem -passout pass:demo -out newcrt.pem
 openssl pkcs12 -export -passin pass:demo -passout pass:changeit \
- -name "jetty" -inkey server.key -in server.crt \
+ -name "jetty" -inkey newkey.pem -in newcrt.pem \
 -out server.p12
 # Convert PKCS12 keystore into a JKS keystore
 keytool -importkeystore \
 -srckeystore server.p12 -srcstoretype pkcs12 -srcstorepass changeit \
 -alias jetty -destkeystore server.jks -deststorepass changeit
+rm -f server.p12
 # Import People CA
 keytool -importcert -keystore server.jks -storepass changeit \
 -alias CA -file CA/cacert.pem
+# root user
 openssl req -new -newkey rsa:1024 -extensions server_ext -days 3650 \
 -subj /C=DE/ST=Berlin/O=Example/OU=People/CN=root/ \
- -keyout root.key -passout pass:demo -out root.csr
-openssl ca -batch -passin pass:demo -in root.csr -out root.crt
+ -keyout newkey.pem -passout pass:demo -out newcsr.pem
+openssl ca -batch -passin pass:demo -in newcsr.pem -out newcrt.pem
 openssl pkcs12 -export -passin pass:demo -passout pass:demo \
- -name "root" -inkey root.key -in root.crt \
+ -name "root" -inkey newkey.pem -in newcrt.pem \
 -out root.p12
-# Clean
+# demo user
+openssl req -new -newkey rsa:1024 -extensions server_ext -days 3650 \
+ -subj /C=DE/ST=Berlin/O=Example/OU=People/CN=demo/ \
+ -keyout newkey.pem -passout pass:demo -out newcsr.pem
+openssl ca -batch -passin pass:demo -in newcsr.pem -out newcrt.pem
+openssl pkcs12 -export -passin pass:demo -passout pass:demo \
+ -name "demo" -inkey newkey.pem -in newcrt.pem \
+ -out demo.p12
+
+# Clean up
 rm -vf new*.pem
-rm -vf root.csr root.key root.crt
-rm -vf server.p12 server.crt server.key
+#rm -vf root.csr root.key root.crt
+#rm -vf server.p12 server.crt server.key
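Review bot: The new demo-user block copies the root-user block line for line, including `-newkey rsa:1024`, so the undersized key now appears in three places. All three identities also write to the same scratch files newkey.pem, newcsr.pem and newcrt.pem, and no status check is visible in the hunk (line 9 of the new file is not shown, so a `set -e` there cannot be ruled out). As written, a failed `openssl ca` goes unnoticed and the script carries on with the newcrt.pem left by the previous identity. A helper that takes the CN, uses rsa:2048 and returns on the first failing call would keep the user blocks in sync. The two commented-out `rm -vf` lines at the end are dead code and would be better deleted.

```shell
# Issue a People certificate signed by the demo CA and package it as <cn>.p12
make_user_p12() {
	cn=$1
	openssl req -new -newkey rsa:2048 -extensions server_ext -days 3650 \
		-subj "/C=DE/ST=Berlin/O=Example/OU=People/CN=$cn/" \
		-keyout newkey.pem -passout pass:demo -out newcsr.pem || return 1
	openssl ca -batch -passin pass:demo -in newcsr.pem -out newcrt.pem || return 1
	openssl pkcs12 -export -passin pass:demo -passout pass:demo \
		-name "$cn" -inkey newkey.pem -in newcrt.pem \
		-out "$cn.p12"
}

make_user_p12 root || exit 1
make_user_p12 demo || exit 1

# … unchanged: "# Clean up" and rm -vf new*.pem …
```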