| # ==================================================================== |
| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, |
| # software distributed under the License is distributed on an |
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| # KIND, either express or implied. See the License for the |
| # specific language governing permissions and limitations |
| # under the License. |
| # ==================================================================== |
| # |
| # This software consists of voluntary contributions made by many |
| # individuals on behalf of the Apache Software Foundation. For more |
| # information on the Apache Software Foundation, please see |
| # <http://www.apache.org/>. |
| |
| |
| *** Use Java 11 or older *** |
| |
| == generate test key store with a self signed key |
| |
| --- |
| keytool -genkey \ |
| -keystore test.12 -storepass nopassword \ |
| -keyalg RSA -keysize 2048 \ |
| -alias simple-http-server \ |
| -validity 100000 \ |
| -dname "CN=localhost, OU=Apache HttpComponents, O=Apache Software Foundation" \ |
| -ext SAN="DNS:localhost" |
| --- |
| |
| == generate test key store with a self signed key protected with a key password |
| |
| --- |
| keytool -genkey \ |
| -keystore test-keypasswd.p12 -storepass nopassword \ |
| -keyalg RSA -keysize 2048 \ |
| -alias simple-http-server \ |
| -validity 100000 \ |
| -dname "CN=localhost, OU=Apache HttpComponents, O=Apache Software Foundation" \ |
| -ext SAN="DNS:localhost" |
| --- |
| |
| == generate test CA |
| |
| --- |
| keytool -genkeypair \ |
| -keystore ca.p12 -storepass nopassword \ |
| -keyalg RSA -keysize 2048 \ |
| -alias ca \ |
| -validity 100000 \ |
| -dname "EMAILADDRESS=dev@hc.apache.org, CN=Test CA, OU=HttpComponents Project, O=Apache Software Foundation" \ |
| -ext KeyUsage:critical="keyCertSign" \ |
| -ext BasicConstraints:critical="ca:true" \ |
| -ext SAN="EMAIL:dev@hc.apache.org" |
| --- |
| |
| == export test CA certificate |
| |
| --- |
| keytool -export \ |
| -keystore ca.p12 -storepass nopassword \ |
| -alias ca \ |
| -file test-ca.crt \ |
| -rfc |
| --- |
| |
| == generate test server key |
| |
| --- |
| keytool -genkeypair \ |
| -keystore test-server.p12 -storepass nopassword \ |
| -keyalg RSA -keysize 2048 \ |
| -alias server \ |
| -validity 100000 \ |
| -dname "CN=Test Server, OU=HttpComponents Project, O=Apache Software Foundation" |
| --- |
| |
| == create server certificate signing request |
| |
| --- |
| keytool -certreq \ |
| -keystore test-server.p12 -storepass nopassword \ |
| -alias server \ |
| -file server.csr |
| --- |
| |
| == sign server certificate |
| |
| --- |
| keytool -gencert \ |
| -keystore ca.p12 -storepass nopassword \ |
| -alias ca \ |
| -validity 100000 \ |
| -infile server.csr \ |
| -outfile server.crt \ |
| -ext KeyUsage:critical="digitalSignature,keyEncipherment" \ |
| -ext EKU="serverAuth" \ |
| -ext SAN="DNS:localhost" \ |
| -rfc |
| --- |
| |
| == import CA root certificate and signed server certificate |
| |
| --- |
| keytool -importcert \ |
| -keystore test-server.p12 -storepass nopassword \ |
| -file test-ca.crt \ |
| -alias caroot |
| --- |
| keytool -importcert \ |
| -keystore test-server.p12 -storepass nopassword \ |
| -file server.crt \ |
| -alias server |
| --- |
| |
| == generate client keys |
| |
| --- |
| keytool -genkeypair \ |
| -keystore test-client.p12 -storepass nopassword \ |
| -keyalg RSA -keysize 2048 \ |
| -alias client1 \ |
| -validity 100000 \ |
| -dname "CN=Test Client 1, OU=HttpComponents Project, O=Apache Software Foundation" |
| --- |
| keytool -genkeypair \ |
| -keystore test-client.p12 -storepass nopassword \ |
| -keyalg RSA -keysize 2048 \ |
| -alias client2 \ |
| -validity 100000 \ |
| -dname "CN=Test Client 2, OU=HttpComponents Project, O=Apache Software Foundation" |
| --- |
| |
| == create client certificate signing requests |
| |
| --- |
| keytool -certreq \ |
| -keystore test-client.p12 -storepass nopassword \ |
| -alias client1 \ |
| -file client1.csr |
| --- |
| keytool -certreq \ |
| -keystore test-client.p12 -storepass nopassword \ |
| -alias client2 \ |
| -file client2.csr |
| --- |
| |
| == sign client certificates |
| |
| --- |
| keytool -gencert \ |
| -keystore ca.p12 -storepass nopassword \ |
| -alias ca \ |
| -validity 100000 \ |
| -infile client1.csr \ |
| -outfile client1.crt \ |
| -ext EKU="clientAuth" \ |
| -ext SAN="EMAIL:test-client-1@hc.apache.org" \ |
| -rfc |
| --- |
| keytool -gencert \ |
| -keystore ca.p12 -storepass nopassword \ |
| -alias ca \ |
| -validity 100000 \ |
| -infile client2.csr \ |
| -outfile client2.crt \ |
| -ext EKU="clientAuth" \ |
| -ext SAN="EMAIL:test-client-2@hc.apache.org" \ |
| -rfc |
| --- |
| |
| == import CA root certificate and signed server certificate |
| |
| --- |
| keytool -importcert \ |
| -keystore test-client.p12 -storepass nopassword \ |
| -file test-ca.crt \ |
| -alias caroot |
| --- |
| keytool -importcert \ |
| -keystore test-client.p12 -storepass nopassword \ |
| -file client1.crt \ |
| -alias client1 |
| --- |
| keytool -importcert \ |
| -keystore test-client.p12 -storepass nopassword \ |
| -file client2.crt \ |
| -alias client2 |
| --- |
| |