X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=demo%2Fssl%2Fssl.sh;h=f2bf1e6225de7ebd27428fa5128fbc6b360f817e;hb=18af628c072e386420f03261ab207a72341a0a1b;hp=89009735eb31d55bd2d5ac289c91053147099e36;hpb=0908aafa7dd95c0014fb1f6b9d5f94c024fe265c;p=lgpl%2Fargeo-commons.git
diff --git a/demo/ssl/ssl.sh b/demo/ssl/ssl.sh
index 89009735e..f2bf1e622 100644
--- a/demo/ssl/ssl.sh
+++ b/demo/ssl/ssl.sh
@@ -5,46 +5,50 @@ # all *.p12 passwords are 'demo' # all *.jks passwords are 'changeit' +SERVER_DN=/C=DE/O=Example/OU=Systems/CN=apps.example.com/ +USERS_BASE_DN=/DC=com/DC=example/OU=users + export OPENSSL_CONF=./openssl.cnf export CATOP=./CA /etc/pki/tls/misc/CA -newca -openssl req -x509 -new -newkey rsa:1024 -extensions server_ext -days 3650 \ - -subj /C=DE/ST=Berlin/O=Example/OU=Systems/CN=localhost/ \ +openssl req -x509 -new -newkey rsa:1024 -extensions server_ext -days 365 \ + -subj $SERVER_DN \ -keyout newkey.pem -passout pass:demo -out newcrt.pem openssl pkcs12 -export -passin pass:demo -passout pass:changeit \ -name "jetty" -inkey newkey.pem -in newcrt.pem \ + -certfile ./CA/cacert.pem \ -out server.p12 # Convert PKCS12 keystore into a JKS keystore keytool -importkeystore \ -srckeystore server.p12 -srcstoretype pkcs12 -srcstorepass changeit \ -alias jetty -destkeystore server.jks -deststorepass changeit -rm -f server.p12 +#rm -f server.p12 # Import People CA keytool -importcert -keystore server.jks -storepass changeit \ -alias CA -file CA/cacert.pem # root user -openssl req -new -newkey rsa:1024 -extensions server_ext -days 3650 \ - -subj /C=DE/ST=Berlin/O=Example/OU=People/CN=root/ \ +openssl req -new -newkey rsa:1024 -extensions user_ext -days 365 \ + -subj $USERS_BASE_DN/UID=root/ \ -keyout newkey.pem -passout pass:demo -out newcsr.pem -openssl ca -batch -passin pass:demo -in newcsr.pem -out newcrt.pem +openssl ca -preserveDN -batch -passin pass:demo -in newcsr.pem -out newcrt.pem openssl pkcs12 -export -passin pass:demo -passout pass:demo \ -name "root" -inkey newkey.pem -in newcrt.pem \ -out root.p12 # demo user -openssl req -new -newkey rsa:1024 -extensions server_ext -days 3650 \ - -subj /C=DE/ST=Berlin/O=Example/OU=People/CN=demo/ \ - -keyout newkey.pem -passout pass:demo -out newcsr.pem -openssl ca -batch -passin pass:demo -in newcsr.pem -out newcrt.pem -openssl pkcs12 -export -passin pass:demo -passout pass:demo \ - -name "demo" -inkey newkey.pem 
-in newcrt.pem \ - -out demo.p12 +#openssl req -new -newkey rsa:1024 -extensions user_ext -days 365 \ +# -subj $USERS_BASE_DN/UID=demo/ \ +# -keyout newkey.pem -passout pass:demo -out newcsr.pem +#openssl ca -preserveDN -batch -passin pass:demo -in newcsr.pem -out newcrt.pem +#openssl pkcs12 -export -passin pass:demo -passout pass:demo \ +# -name "demo" -inkey newkey.pem -in newcrt.pem \ +# -out demo.p12 # Clean up -rm -vf new*.pem +#rm -vf new*.pem
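Review bot: Both active `openssl req` calls in this hunk still generate `rsa:1024` keys, which is below the 2048-bit minimum that current guidance recommends; since these lines are being edited anyway, `-newkey rsa:2048` would be the natural change. The cleanup is also disabled (`#rm -f server.p12`, `#rm -vf new*.pem`), so `newkey.pem` and `server.p12` stay in the working directory protected only by the passwords documented at the top of the script; if that is deliberate for debugging, a comment such as `# kept for inspection; contains private keys, delete after use` would help, otherwise restore the `rm` lines. On the `root` request, `-days 365` is passed to `openssl req -new` without `-x509`, where `-days` is ignored, so the issued certificate's lifetime (and presumably its extensions) still comes from the `openssl ca` step and `openssl.cnf`, which is not visible here. Quoting the subject arguments (`-subj "$SERVER_DN"`, `-subj "$USERS_BASE_DN/UID=root/"`) would keep a DN containing spaces from being split.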