From 3df00e0cd5055b60893bcdaf652884b7d29b5811 Mon Sep 17 00:00:00 2001 From: Hugo Louro Date: Fri, 13 May 2016 15:46:50 -0700 Subject: [PATCH] STORM-1834: Documentation How to Generate Certificates For Local Testing SSL Setup --- SECURITY.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/SECURITY.md b/SECURITY.md index c231547d742..95177320e68 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -124,6 +124,32 @@ If users want to setup 2-way auth 9. drpc.https.want.client.auth (If this set to true server requests for client certifcate authentication, but keeps the connection if no authentication provided) 10. drpc.https.need.client.auth (If this set to true server requires client to provide authentication) +#### GENERATE CERTIFICATES FOR LOCAL TESTING SSL SETUP + +Run the following script and fill in the values and passwords when prompted. The `keyalg` must be set to `RSA` + + +```bash +#!/bin/bash + +DIR=/Users/user/certs/dir/ + +keytool -keystore $DIR/server.keystore.jks -alias localhost -validity 365 -keyalg RSA -genkey + +openssl req -new -x509 -keyout $DIR/ca-key -out $DIR/ca-cert -days 365 + +keytool -keystore $DIR/server.truststore.jks -alias CARoot -import -file $DIR/ca-cert + +keytool -keystore $DIR/client.truststore.jks -alias CARoot -import -file $DIR/ca-cert + +keytool -keystore $DIR/server.keystore.jks -alias localhost -certreq -file $DIR/cert-file + +openssl x509 -req -CA $DIR/ca-cert -CAkey $DIR/ca-key -in $DIR/cert-file -out $DIR/cert-signed -days 365 -CAcreateserial -passin pass:test12 + +keytool -keystore $DIR/server.keystore.jks -alias CARoot -import -file $DIR/ca-cert + +keytool -keystore $DIR/server.keystore.jks -alias localhost -import -file $DIR/cert-signed +```
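Review bot: The `-passin pass:test12` on the `openssl x509 -req` line contradicts the instruction to "fill in the values and passwords when prompted": the CA key is produced two steps earlier by `openssl req -new -x509 -keyout $DIR/ca-key`, which prompts for a passphrase of the user's choosing and encrypts the key with it, so the signing step fails to load the CA key unless the user happened to type `test12`. Either drop `-passin pass:test12` so OpenSSL prompts like every other step in the script, or state explicitly that the CA passphrase must be `test12`; prompting is the better fix, since a fixed password copied out of SECURITY.md tends to survive into setups that are no longer "local testing".

Two smaller points on the same script. First, the `keytool -genkey` prompt for "first and last name" is the certificate CN (the `-alias localhost` does not set it), and for an HTTPS client that verifies hostnames it has to be `localhost` or whatever name the DRPC server is reached by; the lead-in sentence should say so, otherwise the generated server certificate is rejected at connect time. Second, `DIR=/Users/user/certs/dir/` is a macOS-only placeholder with a trailing slash that yields `//` in every path, and the directory is never created; `mkdir -p "$DIR"` together with `set -e` at the top would keep the later `keytool` steps from running against a missing or half-written keystore. It would also help to say which outputs go where, e.g. that `server.keystore.jks` and `server.truststore.jks` back the `drpc.https.*` keystore and truststore settings listed above, and "certifcate" in the item 9 context line just above the hunk is a typo that could be fixed in the same pass.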