
Untitled

a guest
Jun 27th, 2016
  1. #!/bin/bash
  2.  
  3. rm *.jks 2> /dev/null
  4. rm *.pem 2> /dev/null
  5.  
  6. echo "===================================================="
  7. echo "Creating fake third-party chain root -> ca"
  8. echo "===================================================="
  9.  
  10. # generate private keys (for root and ca)
  11.  
  12. keytool -genkeypair -alias root -dname "cn=Local Network - Development" -validity 10000 -keyalg RSA -keysize 2048 -ext bc:c -keystore root.jks -keypass password -storepass password
  13. keytool -genkeypair -alias ca -dname "cn=Local Network - Development" -validity 10000 -keyalg RSA -keysize 2048 -ext bc:c -keystore ca.jks -keypass password -storepass password
  14.  
  15. # generate root certificate
  16.  
  17. keytool -exportcert -rfc -keystore root.jks -alias root -storepass password > root.pem
  18.  
  19. # generate a certificate for ca signed by root (root -> ca)
  20.  
  21. keytool -keystore ca.jks -storepass password -certreq -alias ca \
  22. | keytool -keystore root.jks -storepass password -gencert -alias root -ext bc=0 -ext san=dns:ca -rfc > ca.pem
  23.  
  24. # import ca cert chain into ca.jks
  25.  
  26. keytool -keystore ca.jks -storepass password -importcert -trustcacerts -noprompt -alias root -file root.pem
  27. keytool -keystore ca.jks -storepass password -importcert -alias ca -file ca.pem
  28.  
  29. echo "===================================================================="
  30. echo "Fake third-party chain generated. Now generating my-keystore.jks ..."
  31. echo "===================================================================="
  32.  
  33. # generate private keys (for server)
  34.  
  35. keytool -genkeypair -alias server -dname cn=server -validity 10000 -keyalg RSA -keysize 2048 -keystore my-keystore.jks -keypass password -storepass password
  36.  
  37. # generate a certificate for server signed by ca (root -> ca -> server)
  38.  
  39. keytool -keystore my-keystore.jks -storepass password -certreq -alias server \
  40. | keytool -keystore ca.jks -storepass password -gencert -alias ca -ext ku:c=dig,keyEnc -ext "san=dns:localhost,ip:192.1.1.18" -ext eku=sa,ca -rfc > server.pem
  41.  
  42. # import server cert chain into my-keystore.jks
  43.  
  44. keytool -keystore my-keystore.jks -storepass password -importcert -trustcacerts -noprompt -alias root -file root.pem
  45. keytool -keystore my-keystore.jks -storepass password -importcert -alias ca -file ca.pem
  46. keytool -keystore my-keystore.jks -storepass password -importcert -alias server -file server.pem
  47.  
  48. echo "================================================="
  49. echo "Keystore generated. Now generating truststore ..."
  50. echo "================================================="
  51.  
  52. # import server cert chain into my-truststore.jks
  53.  
  54. keytool -keystore my-truststore.jks -storepass password -importcert -trustcacerts -noprompt -alias root -file root.pem
  55. keytool -keystore my-truststore.jks -storepass password -importcert -alias ca -file ca.pem
  56. keytool -keystore my-truststore.jks -storepass password -importcert -alias server -file server.pem