This example demonstrates how to configure SSL with a custom keystore and mandatory key-based client authentication, using a plain DOSGi service with a custom intent.
We want the Karaf HttpService to be secured by HTTPS and to require a client certificate for authentication.
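# Demo keystore setup for mutual TLS: a self-signed server key, a self-signed
# client key, and each side's certificate imported into the other's store.
# The default password and the very long validity are sample values only.
#
# Passwords are passed to keytool through the environment (-storepass:env /
# -keypass:env) rather than as literal arguments, so they are not visible in
# the process list. Set KEYSTORE_PASSWORD beforehand to override the demo
# default. NOTE(review): the value presumably has to match the password in the
# HTTPS configuration that reads these keystores (not shown here); confirm.
export KEYSTORE_PASSWORD="${KEYSTORE_PASSWORD:-password}"

mkdir -p etc/keystores

# Create server key
keytool -genkey -dname CN=localhost -keyalg RSA -validity 100000 \
  -alias serverkey \
  -keypass:env KEYSTORE_PASSWORD -storepass:env KEYSTORE_PASSWORD \
  -keystore etc/keystores/keystore.jks

# Create client key and add to keystore as trusted
keytool -genkey -dname CN=chris -keyalg RSA -validity 100000 \
  -alias clientkey \
  -keypass:env KEYSTORE_PASSWORD -storepass:env KEYSTORE_PASSWORD \
  -keystore etc/keystores/client.jks
keytool -export -rfc -keystore etc/keystores/client.jks \
  -storepass:env KEYSTORE_PASSWORD -alias clientkey -file client.cer
# No -noprompt here: keytool shows the certificate and asks for confirmation
# before adding it as a trusted entry.
keytool -import -trustcacerts -keystore etc/keystores/keystore.jks \
  -storepass:env KEYSTORE_PASSWORD -alias clientkey -file client.cer

# Export client cert as pkcs12 for browser
# No passwords are given on this command, so keytool prompts for them.
# client.p12 (like client.jks) contains the client's private key: keep both
# files readable only by the user who needs them.
keytool -importkeystore -srckeystore etc/keystores/client.jks \
  -destkeystore etc/keystores/client.p12 -deststoretype PKCS12

# Export server cert
keytool -exportcert -storepass:env KEYSTORE_PASSWORD \
  -keystore etc/keystores/keystore.jks -alias serverkey -file server.cert

# Import server cert into client store
keytool -importcert -storepass:env KEYSTORE_PASSWORD \
  -keystore etc/keystores/client.jks -alias serverkey -file server.cert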
install -s mvn:org.apache.cxf.dosgi.samples/cxf-dosgi-ri-samples-ssl-interface/2.0_SNAPSHOT install -s mvn:org.apache.cxf.dosgi.samples/cxf-dosgi-ri-samples-ssl-impl/2.0-SNAPSHOT
install -s mvn:org.apache.cxf.dosgi.samples/cxf-dosgi-ri-samples-ssl-client/2.0-SNAPSHOT