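#!/usr/bin/env bash
#
# Build a private test PKI for the "servicemanager" Java service:
#   1. an RSA CA key (DES3-encrypted with CAROOT_PASSWD) and a self-signed
#      CA certificate,
#   2. a copy of the JRE trust store (cacerts) with that CA added, which is
#      then installed over the JRE's own cacerts (a pristine cacerts.orig
#      backup is kept next to it),
#   3. a server keystore, a CSR for it, the CA-signed server certificate,
#      and that certificate imported back into the server keystore.
#
# Outputs, relative to the working directory (./key, ./certs and ./crs are
# wiped and recreated on every run):
#   ./key/cakey.pem                CA private key
#   ./certs/mycacert.pem           self-signed CA certificate
#   ./certs/cacerts                JRE trust store + our CA (alias servicemanager)
#   ./key/server.keystore          server keystore (key alias smserver)
#   ./crs/servercert_request.crs   server CSR
#   ./certs/smservercert.pem       CA-signed server certificate
#
# Requires ./openssl.conf (subject and extensions for the CA certificate --
# it must yield basicConstraints CA:TRUE or Java will not treat the
# certificate as a CA), an openssl binary, and write access to the JRE's
# lib/security directory for the install step.  keytool -genkey still asks
# for the server's distinguished name interactively.
#
# Optional: SERVER_EXTFILE=path to an openssl extension file (subjectAltName,
# extendedKeyUsage=serverAuth, ...) applied when signing the server
# certificate; without it the server certificate carries no extensions and
# clients doing hostname verification against a SAN will reject it.
set -euo pipefail

#--------------------------------------------------------------------
# Tool locations (overridable from the environment)
#--------------------------------------------------------------------
# JAVA_HOME may point at the JRE or at the JDK root; the cacerts store is
# located under either layout by find_cacerts below.
export JAVA_HOME="${JAVA_HOME:-/usr/java/jdk1.7.0_45/jre}"
export KEYTOOL="${KEYTOOL:-$JAVA_HOME/bin/keytool}"
export OPENSSL="${OPENSSL:-./bin/openssl}"

#--------------------------------------------------------------------
# Password settings
#--------------------------------------------------------------------
# Demo-grade defaults for the openssl and keytool stores; override them from
# the environment for anything beyond a throw-away test rig.  CACERT_PASSWD
# must stay "changeit" unless the JRE's cacerts store has been re-keyed: that
# is the password the stock Sun/Oracle JRE trust store ships with.
#
# The passwords are exported and handed to the tools through openssl's env:
# and keytool's -storepass:env forms so they never appear on a command line,
# where every local user could read them via ps.
# CLIENT_KEYSTORE_PASSWD and TRUSTEDCLIENTS_KEYSTORE_PASSWD are not used by
# this script; they are kept exported for a companion client-side step
# (presumably -- verify against whatever consumes them).
export CAROOT_PASSWD="${CAROOT_PASSWD:-caroot}"
export CACERT_PASSWD="${CACERT_PASSWD:-changeit}"
export SERVER_KEYSTORE_PASSWD="${SERVER_KEYSTORE_PASSWD:-serverkeystore}"
export CLIENT_KEYSTORE_PASSWD="${CLIENT_KEYSTORE_PASSWD:-clientkeystore}"
export TRUSTEDCLIENTS_KEYSTORE_PASSWD="${TRUSTEDCLIENTS_KEYSTORE_PASSWD:-trustedclients}"

# Certificate lifetimes in days (CA and server certificate).
CA_DAYS="${CA_DAYS:-1095}"
SERVER_DAYS="${SERVER_DAYS:-1095}"

# Absolute path of the JRE's cacerts store; set by preflight.
SYSTEM_CACERTS=""

#######################################
# Print an error to stderr and abort.
# Arguments: message words
#######################################
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

#######################################
# Print a step banner to stdout.
# Arguments: banner text
#######################################
banner() {
  printf '%s\n' "_________________________________________________________________________"
  printf '%s\n' "$*"
  printf '%s\n' "_________________________________________________________________________"
}

#######################################
# Locate the JRE trust store under JAVA_HOME.
# The store lives in lib/security/ for a JRE home and in jre/lib/security/
# for a JDK home.
# Globals:  JAVA_HOME (read)
# Outputs:  path of the cacerts file on stdout
# Returns:  0 if found, 1 otherwise
#######################################
find_cacerts() {
  local candidate
  for candidate in "$JAVA_HOME/lib/security/cacerts" \
                   "$JAVA_HOME/jre/lib/security/cacerts"; do
    if [[ -f "$candidate" ]]; then
      printf '%s\n' "$candidate"
      return 0
    fi
  done
  return 1
}

#######################################
# Verify tools and inputs before anything is deleted or written.
# Globals:  OPENSSL, KEYTOOL, JAVA_HOME, SERVER_EXTFILE (read)
#           SYSTEM_CACERTS (written)
#######################################
preflight() {
  [[ -x "$OPENSSL" ]] || die "openssl not found or not executable: $OPENSSL"
  [[ -x "$KEYTOOL" ]] || die "keytool not found or not executable: $KEYTOOL"
  [[ -f ./openssl.conf ]] || die "./openssl.conf is missing"
  if [[ -n "${SERVER_EXTFILE:-}" && ! -f "$SERVER_EXTFILE" ]]; then
    die "SERVER_EXTFILE does not exist: $SERVER_EXTFILE"
  fi
  SYSTEM_CACERTS=$(find_cacerts) || die "no cacerts trust store found under $JAVA_HOME"
}

#######################################
# Recreate the ./key, ./certs and ./crs output directories from scratch.
#######################################
reset_workspace() {
  rm -rfv ./key ./certs ./crs
  mkdir ./key ./certs ./crs
  # Private key material must not be readable by other local users.
  chmod 700 ./key
}

#######################################
# Back up the JRE trust store once and stage a working copy in ./certs.
# A repeated run starts from the pristine cacerts.orig: the live store
# already holds the "servicemanager" alias from the previous run, and
# re-importing into it would fail with "alias already exists" (and the old
# script would also have clobbered the backup with the modified store).
# Globals:  SYSTEM_CACERTS (read)
#######################################
stage_truststore() {
  if [[ -f "$SYSTEM_CACERTS.orig" ]]; then
    cp -fv "$SYSTEM_CACERTS.orig" ./certs/cacerts
  else
    cp -fv "$SYSTEM_CACERTS" "$SYSTEM_CACERTS.orig"
    cp -fv "$SYSTEM_CACERTS" ./certs/cacerts
  fi
}

#######################################
# Generate the CA private key and the self-signed root CA certificate.
# Globals:  OPENSSL, CAROOT_PASSWD (via env:), CA_DAYS (read)
#######################################
create_ca() {
  banner "Creating the private CA key (key/cakey.pem)"
  "$OPENSSL" genrsa -des3 -passout env:CAROOT_PASSWD -out ./key/cakey.pem 2048

  banner "Creating the self-signed root CA certificate (certs/mycacert.pem)"
  # -sha256: older openssl builds default to SHA-1 signatures otherwise.
  "$OPENSSL" req -new -x509 -sha256 -days "$CA_DAYS" \
    -key ./key/cakey.pem -passin env:CAROOT_PASSWD \
    -config ./openssl.conf -out ./certs/mycacert.pem
}

#######################################
# Add the CA certificate to the staged trust store and install it over the
# JRE's cacerts.
# Globals:  KEYTOOL, CACERT_PASSWD (via :env), SYSTEM_CACERTS (read)
#######################################
install_ca_in_truststore() {
  banner "Importing the CA certificate into the system-wide trust store (cacerts)"
  # -noprompt: this is the CA we just generated, no interactive trust question.
  "$KEYTOOL" -import -noprompt -trustcacerts -alias servicemanager \
    -file ./certs/mycacert.pem -keystore ./certs/cacerts \
    -storepass:env CACERT_PASSWD
  cp -fv ./certs/cacerts "$SYSTEM_CACERTS"
}

#######################################
# Create the server keystore with a fresh key pair and emit a CSR for it.
# Globals:  KEYTOOL, SERVER_KEYSTORE_PASSWD (via :env)
#######################################
create_server_keystore() {
  banner "Creating the server keystore (key/server.keystore)"
  # keytool's default key type is 1024-bit DSA; request RSA explicitly so the
  # key is usable with the cipher suites TLS clients actually offer.
  "$KEYTOOL" -genkey -alias smserver -keyalg RSA -keysize 2048 \
    -keystore ./key/server.keystore -storepass:env SERVER_KEYSTORE_PASSWD

  banner "Generating the server certificate request (crs/servercert_request.crs)"
  "$KEYTOOL" -certreq -alias smserver -file ./crs/servercert_request.crs \
    -keystore ./key/server.keystore -storepass:env SERVER_KEYSTORE_PASSWD
}

#######################################
# Sign the server CSR with the CA.
# Globals:  OPENSSL, CAROOT_PASSWD (via env:), SERVER_DAYS, SERVER_EXTFILE (read)
#######################################
sign_server_cert() {
  banner "Signing the server certificate request (certs/smservercert.pem)"
  local -a ext_args=()
  if [[ -n "${SERVER_EXTFILE:-}" ]]; then
    ext_args=(-extfile "$SERVER_EXTFILE")
  fi
  # ${arr[@]+"${arr[@]}"} keeps an empty array from tripping set -u on
  # bash < 4.4.
  "$OPENSSL" x509 -req -sha256 -days "$SERVER_DAYS" \
    -in ./crs/servercert_request.crs \
    -CA ./certs/mycacert.pem -CAkey ./key/cakey.pem -passin env:CAROOT_PASSWD \
    -CAcreateserial ${ext_args[@]+"${ext_args[@]}"} \
    -out ./certs/smservercert.pem
}

#######################################
# Import the CA and the signed server certificate into the server keystore.
# Globals:  KEYTOOL, SERVER_KEYSTORE_PASSWD (via :env)
#######################################
import_server_cert() {
  banner "Importing the CA and the signed server certificate into the server keystore"
  # Import the CA first so keytool can validate the certificate reply against
  # a trusted entry in this keystore, independent of the JRE cacerts install.
  "$KEYTOOL" -import -noprompt -trustcacerts -alias servicemanager \
    -file ./certs/mycacert.pem -keystore ./key/server.keystore \
    -storepass:env SERVER_KEYSTORE_PASSWD
  "$KEYTOOL" -import -trustcacerts -alias smserver \
    -file ./certs/smservercert.pem -keystore ./key/server.keystore \
    -storepass:env SERVER_KEYSTORE_PASSWD
}

#######################################
# Entry point: run the steps in dependency order.
#######################################
main() {
  preflight
  reset_workspace
  stage_truststore
  create_ca
  install_ca_in_truststore
  create_server_keystore
  sign_server_cert
  import_server_cert
}

main "$@"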