The keystore.jks and truststore.jks files are created by using the following commands (note that this is an example):

1) Create a CA certificate and a private key:

openssl genrsa -des3 -out CA-key.pem 2048
openssl req -new -key CA-key.pem -x509 -days 3600 -out CA-cert.pem

2) Create a keystore with a private key entry that is signed by the CA:

Note: when keytool prompts for your first and last name (this becomes the certificate's CN), enter "localhost" for the unit test to work.

keytool -genkeypair -alias policy_agent -keyalg RSA -keysize 2048 -keystore keystore.jks -validity 3650 -storepass policy_agent
keytool -certreq -alias policy_agent -file request.csr -keystore keystore.jks -ext san=dns:your.domain.com -storepass policy_agent
openssl x509 -req -days 3650 -in request.csr -CA CA-cert.pem -CAkey CA-key.pem -CAcreateserial -out ca_signed-cert.pem
keytool -importcert -alias ca_cert -file CA-cert.pem -keystore keystore.jks -trustcacerts -storepass policy_agent
keytool -importcert -alias policy_agent -file ca_signed-cert.pem -keystore keystore.jks -trustcacerts -storepass policy_agent

3) Create a trust store containing the CA cert (to trust all certs signed by the CA):

keytool -genkeypair -alias not_used -keyalg RSA -keysize 2048 -keystore truststore.jks -validity 3650 -storepass policy_agent
keytool -importcert -alias ca_cert -file CA-cert.pem -keystore truststore.jks -trustcacerts -storepass policy_agent

4) List the contents of the jks files, for example:

keytool -list -v -keystore keystore.jks -storepass policy_agent
keytool -list -v -keystore truststore.jks -storepass policy_agent

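The signing command in step 2 (openssl x509 -req) does not copy extensions from the CSR, so the SAN requested with keytool -certreq -ext is absent from ca_signed-cert.pem unless it is supplied again at signing time. The script below is an added example, not part of the original README, that shows this with a constructed throw-away CA; the openssl-generated CSR stands in for the keytool one, and the file names plain.pem, with-san.pem and san.ext are assumptions.

```shell
#!/bin/sh
# Added example, not from the README. The CA, key and CSR are constructed
# throw-away fixtures; the openssl CSR stands in for keytool -certreq -ext san=...

# Print the DNS names in a certificate's subjectAltName (nothing if absent).
san_of() {
    openssl x509 -in "$1" -noout -text | grep -o 'DNS:[^, ]*' || true
}

# Build a test CA and a CSR requesting SAN dns:localhost in directory $1.
make_fixture() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
        -keyout "$1/CA-key.pem" -out "$1/CA-cert.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=localhost" \
        -addext "subjectAltName=DNS:localhost" \
        -keyout "$1/leaf-key.pem" -out "$1/request.csr" 2>/dev/null
}

# Sign the way step 2 does: extensions in the CSR are not copied.
sign_plain() {
    openssl x509 -req -days 1 -in "$1/request.csr" -CA "$1/CA-cert.pem" \
        -CAkey "$1/CA-key.pem" -CAcreateserial -out "$1/plain.pem" 2>/dev/null
}

# Same signing step with the SAN supplied again through -extfile.
sign_with_san() {
    printf 'subjectAltName=DNS:localhost\n' > "$1/san.ext"
    openssl x509 -req -days 1 -in "$1/request.csr" -CA "$1/CA-cert.pem" \
        -CAkey "$1/CA-key.pem" -CAcreateserial -extfile "$1/san.ext" \
        -out "$1/with-san.pem" 2>/dev/null
}

# Succeeds when certificate $2 chains to the CA certificate in directory $1.
chains_to_ca() {
    openssl verify -CAfile "$1/CA-cert.pem" "$2" >/dev/null 2>&1
}

work=$(mktemp -d)
make_fixture "$work" && sign_plain "$work" && sign_with_san "$work"
echo "SAN after step 2 command: [$(san_of "$work/plain.pem")]"
echo "SAN with -extfile:        [$(san_of "$work/with-san.pem")]"
chains_to_ca "$work" "$work/with-san.pem" && echo "chains to CA: yes"
rm -rf "$work"
```

The same -extfile argument can be appended to the step 2 signing command for a keytool-generated request.csr; OpenSSL 3.0 and later also accept -copy_extensions copy on openssl x509 -req.
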
## License

ONAP : ccsdk oran
Copyright (C) 2020 Nordix Foundation. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.