KeytoolCertificateGenerator: Improve API and implementation #131
Comments
@SamBarker @franvila what do you think?
I totally agree. This wasn't the best approach, but it was the only one I found to generate the certs. I didn't know Bouncy Castle, but we could follow the same approach as Strimzi if it fits our goals.
Like I say, this isn't meant as a criticism of existing work. It is just a realisation that we need something better.
Just bumping this as I'm looking at Vault TLS testing. Vault wants a private key in PEM form, which looks like we'd have to use a separate tool to extract if we start with Keystore as the source of keys. For this case we might want to generate the private key in PEM form and a self-signed cert in PEM with bouncycastle and import the cert into a Java store.
`KeytoolCertificateGenerator` was a great start that has allowed us to quickly get testing TLS use-cases. However, its API is a bit weird and it relies on shelling out to command line tools. We should think about:
Also - as originally discussed on #120, it would be desirable if the generator supported other keystore formats, and the generated key material was available over an API to support the testing of richer TLS use-cases. It would also be good if it supported things like generating expired certificates, and certificate chains.
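
A sketch of the in-process approach discussed in this thread, added here as an example and not taken from the project's code: it generates a key pair and self-signed certificates (one valid, one already expired) with Bouncy Castle, PEM-encodes them, and imports the certificate into a Java trust store without shelling out to `keytool`. The class name `TestCertificates`, its method names, the alias and the subject DN are hypothetical; it assumes the Bouncy Castle `bcprov` and `bcpkix` jars are on the classpath.

```java
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;
import java.time.*;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.cert.jcajce.*;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

// Hypothetical test helper: names and shape are assumptions, not the project's API.
public class TestCertificates {

    /** Self-signed certificate valid from notBefore for the given duration. */
    static X509Certificate selfSigned(KeyPair keys, String dn, Instant notBefore, Duration validity) throws Exception {
        X500Principal name = new X500Principal(dn);
        var signer = new JcaContentSignerBuilder("SHA256withRSA").build(keys.getPrivate());
        var builder = new JcaX509v3CertificateBuilder(
                name, new BigInteger(128, new SecureRandom()), // issuer == subject, random serial
                Date.from(notBefore), Date.from(notBefore.plus(validity)), name, keys.getPublic());
        return new JcaX509CertificateConverter().getCertificate(builder.build(signer));
    }

    /** PEM-encodes a private key or a certificate held in memory. */
    static String toPem(Object keyOrCert) throws Exception {
        StringWriter out = new StringWriter();
        try (JcaPEMWriter pem = new JcaPEMWriter(out)) {
            pem.writeObject(keyOrCert);
        }
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair keys = gen.generateKeyPair();
        Instant now = Instant.now();
        X509Certificate valid = selfSigned(keys, "CN=localhost", now.minus(Duration.ofMinutes(5)), Duration.ofDays(1));
        X509Certificate expired = selfSigned(keys, "CN=localhost", now.minus(Duration.ofDays(2)), Duration.ofDays(1));

        KeyStore trustStore = KeyStore.getInstance("PKCS12"); // in-memory store, no keytool
        trustStore.load(null, null);
        trustStore.setCertificateEntry("test-cert", valid);

        System.out.print(toPem(valid));
        System.out.println("private key PEM chars: " + toPem(keys.getPrivate()).length());
        try { expired.checkValidity(); }
        catch (CertificateExpiredException e) { System.out.println("expired as intended: " + e.getMessage()); }
    }
}
```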