<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<meta content="en-us" http-equiv="Content-Language" />
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link href="/static/images/favicon.ico" rel="shortcut icon" />
<link href="/static/css/style.css" rel="stylesheet" type="text/css" />
<link href="/static/css/codehilite.css" rel="stylesheet" type="text/css" />
<link href="/static/css/bootstrap.css" media="screen, projection" rel="stylesheet" type="text/css" />
<link href="/static/css/thrift.css" media="screen, projection" rel="stylesheet" type="text/css" />
<script src="/static/js/jquery.min.js"></script>
<script src="/static/js/bootstrap-dropdown.js"></script>
<script src="/static/js/bootstrap-tab.js"></script>
<script src="/static/js/thrift.js"></script>
<title>Apache Thrift - Keys</title>
</head>
<body>
<div class="container">
<h1 id="test-keys-and-certificates">Test Keys and Certificates</h1>
<p>This folder is dedicated to test keys and certificates provided in multiple formats.
They are used primarily by unit test suites and cross-language tests.</p>
<pre><code>test/keys
</code></pre>
<p><strong>The files in this directory must never be used on production systems.</strong></p>
<h2 id="ssl-keys-and-certificates">SSL Keys and Certificates</h2>
<h2 id="create-certificates">create certificates</h2>
<p>We use the following parameters for test key and certificate creation:</p>
<pre><code>C=US,
ST=Maryland,
L=Forest Hill,
O=The Apache Software Foundation,
OU=Apache Thrift,
CN=localhost/emailAddress=dev@thrift.apache.org
</code></pre>
<h3 id="create-self-signed-server-key-and-certificate">create self-signed server key and certificate</h3>
<pre><code>openssl req -new -x509 -nodes -days 3000 -out server.crt -keyout server.key
openssl x509 -in server.crt -text &gt; CA.pem
cat server.crt server.key &gt; server.pem
</code></pre>
<p>The export password is “thrift” (without the quotes):</p>
<pre><code>openssl pkcs12 -export -clcerts -in server.crt -inkey server.key -out server.p12
</code></pre>
<h3 id="create-client-key-and-certificate">create client key and certificate</h3>
<pre><code>openssl genrsa -out client.key
</code></pre>
<p>create a signing request:</p>
<pre><code>openssl req -new -key client.key -out client.csr
</code></pre>
<p>sign the client certificate with the server.key</p>
<pre><code>openssl x509 -req -days 3000 -in client.csr -CA CA.pem -CAkey server.key -set_serial 01 -out client.crt
</code></pre>
<p>export certificate in PKCS12 format (Export password is “thrift” without the quotes)</p>
<pre><code>openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12
</code></pre>
<p>export certificate in PEM format for OpenSSL usage</p>
<pre><code>openssl pkcs12 -in client.p12 -out client.pem -clcerts
</code></pre>
<h3 id="create-client-key-and-certificate-with-altnames">create client key and certificate with altnames</h3>
<p>Copy openssl.cnf from your system (e.g. /etc/ssl/openssl.cnf) and append the following to the end of the [ v3_req ] section:</p>
<pre><code>subjectAltName=@alternate_names
[ alternate_names ]
IP.1=127.0.0.1
IP.2=::1
IP.3=::ffff:127.0.0.1
</code></pre>
<p>create a signing request:</p>
<pre><code>openssl req -new -key client_v3.key -out client_v3.csr -config openssl.cnf \
-subj "/C=US/ST=Maryland/L=Forest Hill/O=The Apache Software Foundation/OU=Apache Thrift/CN=localhost" -extensions v3_req
</code></pre>
<p>sign the client certificate with the server.key</p>
<pre><code>openssl x509 -req -days 3000 -in client_v3.csr -CA CA.pem -CAkey server.key -set_serial 01 -out client_v3.crt -extensions v3_req -extfile openssl.cnf
</code></pre>
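<p>The steps above, run non-interactively in a scratch directory and then checked, as an added example that is not part of the Thrift source tree: it confirms that the client certificate chains to <code>CA.pem</code>, carries the loopback altnames and matches its key, and it goes one step further by signing the same request without <code>-extfile</code> to show that the altnames are then dropped. Assumptions: <code>openssl</code> is on the PATH, the minimal <code>openssl.cnf</code> (including its <code>v3_ca</code> section) is constructed here instead of copied from the system, <code>-reqexts</code> is used so the request itself carries the altnames, and the function names are hypothetical.</p>

```shell
#!/usr/bin/env bash
# Added example: rebuild the page's test PKI in a scratch directory and check it.
# Assumes openssl on PATH. The minimal openssl.cnf is constructed for this example
# (the page copies the system file); function names are hypothetical.
CA_SUBJ="/C=US/ST=Maryland/L=Forest Hill/O=The Apache Software Foundation/OU=Apache Thrift/CN=localhost/emailAddress=dev@thrift.apache.org"
CLIENT_SUBJ="/C=US/ST=Maryland/L=Forest Hill/O=The Apache Software Foundation/OU=Apache Thrift/CN=localhost"

build_test_pki() {  # $1 = empty scratch directory
  ( cd "$1" && cat > openssl.cnf <<'EOF' &&
[ req ]
distinguished_name = dn
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ v3_req ]
subjectAltName=@alternate_names
[ alternate_names ]
IP.1=127.0.0.1
IP.2=::1
IP.3=::ffff:127.0.0.1
EOF
    openssl req -new -x509 -nodes -days 3000 -config openssl.cnf -extensions v3_ca \
      -subj "$CA_SUBJ" -out server.crt -keyout server.key &&
    openssl x509 -in server.crt -text > CA.pem &&
    openssl genrsa -out client_v3.key 2048 &&
    # -reqexts puts the altnames request into the CSR itself
    openssl req -new -key client_v3.key -out client_v3.csr -config openssl.cnf \
      -subj "$CLIENT_SUBJ" -reqexts v3_req &&
    # Signed as on the page: the extensions come from -extfile
    openssl x509 -req -days 3000 -in client_v3.csr -CA CA.pem -CAkey server.key \
      -set_serial 01 -out client_v3.crt -extensions v3_req -extfile openssl.cnf &&
    # Same CSR without -extfile: x509 -req does not copy CSR extensions by default
    openssl x509 -req -days 3000 -in client_v3.csr -CA CA.pem -CAkey server.key \
      -set_serial 02 -out client_nosan.crt
  ) >/dev/null 2>&1
}

chains_to_ca() {  # $1 = directory, $2 = certificate file name
  openssl verify -CAfile "$1/CA.pem" "$1/$2" >/dev/null 2>&1
}

has_loopback_san() {  # $1 = certificate path
  openssl x509 -in "$1" -noout -text | grep -q 'IP Address:127.0.0.1'
}

key_matches_cert() {  # $1 = private key path, $2 = certificate path
  local pub; pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  [ "$pub" = "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}
```

<p>After <code>build_test_pki "$dir"</code> on an empty directory, <code>has_loopback_san "$dir/client_v3.crt"</code> succeeds and the same check on <code>client_nosan.crt</code> fails.</p>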
<h2 id="java-key-and-certificate-import">Java key and certificate import</h2>
<p>The Java test environment uses the key store and trust store password “thrift” (without the quotes).</p>
<p>list keystore entries</p>
<pre><code>keytool -list -storepass thrift -keystore ../../lib/java/test/.keystore
</code></pre>
<p>list truststore entries</p>
<pre><code>keytool -list -storepass thrift -keystore ../../lib/java/test/.truststore
</code></pre>
<p>delete an entry</p>
<pre><code>keytool -delete -storepass thrift -keystore ../../lib/java/test/.truststore -alias ssltest
</code></pre>
<p>import certificate into truststore</p>
<pre><code>keytool -importcert -storepass thrift -keystore ../../lib/java/test/.truststore -alias localhost -file server.crt
</code></pre>
<p>import key into keystore</p>
<pre><code>keytool -importkeystore -storepass thrift -keystore ../../lib/java/test/.keystore -srcstoretype pkcs12 -srckeystore server.p12
</code></pre>
<h1 id="test-ssl-server-and-clients">Test SSL server and clients</h1>
<pre><code>openssl s_client -connect localhost:9090
openssl s_server -accept 9090 -www
</code></pre>
<p class="snippet_footer">This page was generated by Apache Thrift's <strong>source tree docs</strong>:
<a href="https://gitbox.apache.org/repos/asf?p=thrift.git;a=blob;hb=HEAD;f=test/keys/README.md">test/keys/README.md</a>
</p>
</div>
<div class="container">
<hr>
<footer class="footer">
<div class="row">
<div class="span6">
<a href="http://www.apache.org/"><img src="/static/images/feather.svg" onerror="this.src='/static/images/feather.png';this.onerror=null;" /></a>
Copyright &copy; 2024 <a href="http://www.apache.org/">Apache Software Foundation</a>.
Licensed under the <a href="http://www.apache.org/licenses/">Apache License v2.0</a>.
Apache, Apache Thrift, and the Apache feather logo are trademarks of The Apache Software Foundation.
</div>
</div>
</footer>
</div>
</body>
</html>