Google Git
Sign in
apache / incubator-retired-edgent / bdb2cd815bf34c6b83a36cc204a2954a909197ff / . / connectors / wsclient-javax.websocket / src / test / keystores / README
blob: 4419c2312c2983f1ac28def11f8ef6290ee05033 [file] [log] [blame]
#!/bin/sh
# The test's key and trust stores are created as follows.
# They have the password "passw0rd".
# general useful info on keytool & OpenSSL
# https://www.eclipse.org/jetty/documentation/9.3.0.v20150612/configuring-ssl.html
set -x
# ############################################
echo ============== server key and cert setup
# create server key&certificate and serverKeyStore.jks
keytool -genkey -validity 7300 -alias default -keyalg RSA \
-keypass passw0rd -storepass passw0rd -keystore serverKeyStore.jks <<xxEOFxx
Test Server default
IBM
IBM
Littleton
MA
US
yes
xxEOFxx
# export server cert to server.cer
keytool -export -alias default -file server.cer -storepass passw0rd -keystore serverKeyStore.jks
# create clientTrustStore.jks and import server cert
keytool -import -v -trustcacerts -alias default -file server.cer \
-keystore clientTrustStore.jks -storepass passw0rd <<xxEOFxx
yes
xxEOFxx
# ############################################
echo ============== client "default" key and cert setup
# create client certificate and clientKeyStore.jks
keytool -genkey -validity 7300 -alias default -keyalg RSA \
-keypass passw0rd -storepass passw0rd -keystore clientKeyStore.jks <<xxEOFxx
Test Client default
IBM
IBM
Littleton
MA
US
yes
xxEOFxx
# export client cert to client.cer
keytool -export -alias default -storepass passw0rd -file client.cer -keystore clientKeyStore.jks
# create serverTrustStore.jks and import client cert
keytool -import -v -trustcacerts -alias default -file client.cer \
-keystore serverTrustStore.jks -storepass passw0rd <<xxEOFxx
yes
xxEOFxx
# --------------------------------------------
# create 2nd client certificate with different alias (for cert selection testing)
# don't add to server's trust store
echo ============== client "my2ndcert" key and cert setup
keytool -genkey -validity 7300 -alias my2ndcert -keyalg RSA \
-keypass passw0rd -storepass passw0rd -keystore clientKeyStore.jks <<xxEOFxx
Test Client my2ndcert
IBM
IBM
Littleton
MA
US
yes
xxEOFxx
# --------------------------------------------
# create 3rd client certificate with different alias (for cert selection testing)
echo ============== client "my3rdcert" key and cert setup
keytool -genkey -validity 7300 -alias my3rdcert -keyalg RSA \
-keypass passw0rd -storepass passw0rd -keystore clientKeyStore.jks <<xxEOFxx
Test Client my3rdcert
IBM
IBM
Littleton
MA
US
yes
xxEOFxx
# export client cert to client.cer
keytool -export -alias my3rdcert -storepass passw0rd -file client.cer -keystore clientKeyStore.jks
# import client cert to server truststore
keytool -import -v -trustcacerts -alias my3rdcert -file client.cer \
-keystore serverTrustStore.jks -storepass passw0rd <<xxEOFxx
yes
xxEOFxx
# show store contents
echo ============== serverKeyStore
keytool -list -storepass passw0rd -keystore serverKeyStore.jks
echo ============== clientTrustStore
keytool -list -storepass passw0rd -keystore clientTrustStore.jks
echo ============== clientKeyStore
keytool -list -storepass passw0rd -keystore clientKeyStore.jks
echo ============== serverTrustStore
keytool -list -storepass passw0rd -keystore serverTrustStore.jks
rm -f server.cer client.cer