Skip to content

How to run Always Encrypted tests locally

Jump to bottom
Cheena Malhotra edited this page Sep 7, 2018 · 5 revisions

Now that more Always Encrypted tests are showing up on GitHub, some users may be having trouble with running tests against the AE test suite, due to the necessary certificate files. This wiki explains in detail how to create the certificates.

How to generate the certificate files in Windows

Basically, we are going to manually perform the steps from Appveyor.yml:

  1. Start Powershell
  2. Cd to Desktop (or anywhere that you would like to create a folder that holds the certificates).
  3. Run the below commands:
mkdir AE_Certificates
cd AE_Certificates
$cert = New-SelfSignedCertificate -dns "AlwaysEncryptedCert" -CertStoreLocation Cert:CurrentUser\My
$pwd = ConvertTo-SecureString -String "password" -Force -AsPlainText
$path = 'cert:\CurrentUser\My\' + $cert.thumbprint
$certificate = Export-PfxCertificate -cert $path -FilePath cert.pfx -Password $pwd 
Get-ChildItem -path cert:\CurrentUser\My > certificate.txt
keytool -importkeystore -srckeystore cert.pfx -srcstoretype pkcs12 -destkeystore clientcert.jks -deststoretype JKS -srcstorepass password -deststorepass password
keytool -list -v -keystore clientcert.jks -storepass "password" > JavaKeyStoreBase.txt
Get-Content .\JavaKeyStoreBase.txt | Set-Content -Encoding utf8 JavaKeyStore.txt
Remove-Item –path .\JavaKeyStoreBase.txt
  1. Four files, namely cert.pfx, certificate.txt, clientcert.jks, and JavaKeyStore.txt should have been created inside AE_Certificates folder.
  2. Copy those four files over to <your_cloned_branch_folder_directory>/target/test-classes/. (the target folder should be created when you compile the project. The target folder is on the same level as the src folder)

How to generate the certificate files in Linux

Basically, we are going to manually perform the steps from travis.yml:

  1. Start command line.
  2. Cd to Desktop (or anywhere that you would like to create a folder that holds the certificates).
  3. Run the below commands:
mkdir AE_Certificates
cd AE_Certificates
openssl req -newkey rsa:2048 -x509 -keyout cakey.pem -out cacert.pem -days 3650 -subj "/C=US/ST=WA/L=Redmond/O=Microsoft Corporation/OU=SQL Server/CN=JDBC Driver" -nodes
openssl pkcs12 -export -in cacert.pem -inkey cakey.pem -out identity.p12 -password pass:password
keytool -importkeystore -destkeystore clientcert.jks -deststorepass password -srckeystore identity.p12 -srcstoretype PKCS12 -srcstorepass password
keytool -list -v -keystore clientcert.jks -storepass "password" > JavaKeyStore.txt
  1. Four files, namely cert.pfx, certificate.txt, clientcert.jks, and JavaKeyStore.txt should have been created inside AE_Certificates folder.
  2. Copy those four files over to <your_cloned_branch_folder_directory>/target/test-classes/. (the target folder should be created when you compile the project. The target folder is on the same level as the src folder)
Clone this wiki locally