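#!/usr/bin/env bash
##
## SC-SM SSL Certificates Creator (client component)
##
## This script facilitates the creation of the SSL certificates that are
## needed to set up SSL encryption for Service Manager 7.0x.
##
## Run it from the directory that holds ./bin, ./key, ./crs and ./certs,
## with the fully-qualified domain name of the client machine as the
## first argument, from the command line:
##
##   prompt> tso_cln_svlt <fully-qualified domain name>
##
## NOTE(review): this version does not use the FQDN argument anywhere.
## The client key is always stored under alias "localclient" in
## ./key/localclient.keystore; the argument is accepted only for
## compatibility with the batch-file original (%1).
##
## Rerun this script for each client machine to create a unique set of
## certificates for the Service Manager Eclipse or Web client.
##
## The script aborts at the first failing step: a failed keystore or CSR
## creation must not be followed by signing and importing stale files
## left over from an earlier run.
##--------------------------------------------------------------------
set -eu

##--------------------------------------------------------------------
## Openssl settings
##
## This script uses the openssl.conf file as input for the openssl
## program. All _default values can be set according to your
## organisation.
##--------------------------------------------------------------------
export OPENSSL=./bin/openssl

##--------------------------------------------------------------------
## Java settings
##
## Set the JAVA_HOME variable to the installation path of the JRE you
## want to use.
##--------------------------------------------------------------------
export JAVA_HOME="/usr/java/jdk1.7.0_45/jre"
export KEYTOOL="$JAVA_HOME/bin/keytool"

##--------------------------------------------------------------------
## Password settings
##
## These are the default passwords used by the openssl and keytool
## programs. Each one may be overridden by exporting the variable in
## the environment before running this script; the literal below is
## only used when the variable is unset or empty. All passwords can be
## changed EXCEPT CACERT_PASSWD, which is the default password of the
## SUN cacerts store shipped with the JRE.
##
## The passwords are passed to openssl and keytool through the
## environment (openssl -passin env:NAME, keytool -storepass:env NAME)
## instead of on the command line, so they are not visible in the
## argument list of the spawned processes (ps, /proc, audit logs).
##--------------------------------------------------------------------
export CAROOT_PASSWD="${CAROOT_PASSWD:-caroot}"
export CACERT_PASSWD=changeit
export SERVER_KEYSTORE_PASSWD="${SERVER_KEYSTORE_PASSWD:-serverkeystore}"
export CLIENT_KEYSTORE_PASSWD="${CLIENT_KEYSTORE_PASSWD:-clientkeystore}"
export TRUSTEDCLIENTS_KEYSTORE_PASSWD="${TRUSTEDCLIENTS_KEYSTORE_PASSWD:-trustedclients}"

######################################################################
# Only do this step if run from a different machine than the one that
# created the server certs. Left commented out as in the original; the
# paths are the Windows ones from the batch-file version.
######################################################################
# copy %JAVA_HOME%\lib\security\cacerts %JAVA_HOME%\lib\security\cacerts.origcopy
# copy %SSL_CERT_HOME%\certs\cacerts %JAVA_HOME%\lib\security

# Prints the separator line used between the individual steps.
step_sep() {
  echo "_________________________________________________________________________"
}

# Aborts with a message on stderr; used for the precondition checks.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

##--------------------------------------------------------------------
## Preconditions
##
## Fail before any keystore is created when the tools or the CA
## material produced by the server component are missing. Without
## these checks the signing step would fail after the client keystore
## had already been written.
##--------------------------------------------------------------------
[ -x "$KEYTOOL" ] || die "keytool not found or not executable: $KEYTOOL"
[ -x "$OPENSSL" ] || die "openssl not found or not executable: $OPENSSL"
[ -f ./certs/mycacert.pem ] || die "CA certificate ./certs/mycacert.pem not found (run the server component first)"
[ -f ./key/cakey.pem ] || die "CA private key ./key/cakey.pem not found (run the server component first)"

echo "Client Key and Certificate creation"

##--------------------------------------------------------------------
## Client key & certificate generation
##--------------------------------------------------------------------
# Generate the private client key and its keystore.
# -keyalg/-keysize are given explicitly: without them keytool falls back
# to its built-in default, which on older JREs is a 1024-bit DSA key
# and too weak for a TLS client identity.
step_sep
echo "Creating the Client keystore (localclient.keystore)"
"$KEYTOOL" -genkey -alias localclient -keyalg RSA -keysize 2048 \
  -keystore ./key/localclient.keystore \
  -storepass:env CLIENT_KEYSTORE_PASSWD
step_sep

# Generate the client certificate request, to be signed using our CA key
# & cert.
step_sep
echo "Generating the Client request certificate (clientcert_request.crs)"
"$KEYTOOL" -certreq -alias localclient \
  -keystore ./key/localclient.keystore \
  -file ./crs/clientcert_request.crs \
  -storepass:env CLIENT_KEYSTORE_PASSWD
step_sep

# Sign the client certificate using our CA: three years validity, SHA-256
# digest (older openssl builds default to SHA-1 when no digest is given).
echo "-------------------------------------"
echo "Signing the Client request certificate (scclientcert.pem)"
"$OPENSSL" x509 -req -days 1095 -sha256 \
  -in ./crs/clientcert_request.crs \
  -CA ./certs/mycacert.pem -CAkey ./key/cakey.pem -CAcreateserial \
  -out ./certs/scclientcert.pem \
  -passin env:CAROOT_PASSWD
step_sep

# Import the signed client certificate into the client keystore.
# -trustcacerts is kept from the original; presumably so the chain can
# also be validated against the CA certificate in the JRE cacerts store
# (see the commented-out cacerts copy above) — confirm against your setup.
step_sep
echo "Importing Client certificate into Client keystore"
"$KEYTOOL" -import -trustcacerts -alias localclient \
  -keystore ./key/localclient.keystore \
  -file ./certs/scclientcert.pem \
  -storepass:env CLIENT_KEYSTORE_PASSWD
step_sep

##--------------------------------------------------------------------
## Adding the client certificate to the trusted keystore
##--------------------------------------------------------------------
# Export the client public key/certificate.
step_sep
echo "Exporting Client public certificate from Client keystore (clientpubkey.cert)"
"$KEYTOOL" -export -alias localclient \
  -keystore ./key/localclient.keystore \
  -file ./certs/clientpubkey.cert \
  -storepass:env CLIENT_KEYSTORE_PASSWD
step_sep

# Import the public key/certificate into the trusted-clients keystore.
step_sep
echo "Importing Client public certificate into Trustedclients keystore (trustedclients.keystore)"
"$KEYTOOL" -import -alias localclient \
  -file ./certs/clientpubkey.cert \
  -keystore ./certs/trustedclients.keystore \
  -storepass:env TRUSTEDCLIENTS_KEYSTORE_PASSWD
step_sep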