Created
August 26, 2019 06:02
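# Issue a TLS key pair for cp01.woolford.io, have the FreeIPA CA sign it, and
# build the keystore/truststore pair for a JVM service.
#
# Required environment:
#   KEYSTORE_PASSWORD   - protects keystore.jks and the private key inside it
#   TRUSTSTORE_PASSWORD - protects truststore.jks
#
# Passwords reach keytool through its ":env" modifier instead of as literal
# arguments: argv is typically readable by every local user (ps) and is kept
# in shell history. Set the variables without echoing them, for example
#   read -rs KEYSTORE_PASSWORD && export KEYSTORE_PASSWORD
: "${KEYSTORE_PASSWORD:?export KEYSTORE_PASSWORD first}"
: "${TRUSTSTORE_PASSWORD:?export TRUSTSTORE_PASSWORD first}"

# Host name used as key alias, certificate CN and file-name prefix.
host_fqdn=cp01.woolford.io

# Generate a keystore containing a single RSA key pair. keytool wraps the
# public key in a self-signed placeholder certificate; -validity 365 applies
# to that placeholder only, the CA decides the lifetime of the signed one.
# The file keeps its .jks name but is written in PKCS12 format.
# The umask is set inside a subshell so the new file, which holds the private
# key, is readable by its owner only while the caller's umask stays untouched.
(
  umask 077
  keytool -genkey \
    -noprompt \
    -keyalg RSA \
    -alias "${host_fqdn}" \
    -dname "CN=${host_fqdn}, OU=woolford.io, O=woolford.io, L=Lafayette, ST=Colorado, C=US" \
    -keypass:env KEYSTORE_PASSWORD \
    -keystore keystore.jks \
    -storepass:env KEYSTORE_PASSWORD \
    -storetype pkcs12 \
    -validity 365
)

# Generate a certificate signing request (CSR). The CSR carries only the
# public key and subject; the private key never leaves keystore.jks.
keytool -certreq \
  -keystore keystore.jks \
  -alias "${host_fqdn}" \
  -storepass:env KEYSTORE_PASSWORD \
  -keypass:env KEYSTORE_PASSWORD \
  -file "${host_fqdn}.csr"

# Log in to IPA. kinit prompts for the password itself, so nothing secret is
# placed on the command line. The ticket stays in the credential cache after
# this script finishes; consider running kdestroy once the certificate is issued.
kinit admin

# Process the CSR. --add creates the service principal if it does not exist
# yet, which is one reason a privileged account is used above.
ipa cert-request "${host_fqdn}.csr" \
  --principal="c3/${host_fqdn}" \
  --add \
  --certificate-out="${host_fqdn}.signed.crt"

# Copy the CA certificate to the local folder as ca.crt before continuing.
# NOTE(review): on an IPA-enrolled host it is usually /etc/ipa/ca.crt; confirm.
# Everything below trusts this file, so fetch it over a channel you already
# trust rather than plain HTTP.

# Inspect the signed certificate: confirm subject, issuer, validity window and
# any subjectAltName entries are what was requested.
openssl x509 \
  -in "${host_fqdn}.signed.crt" \
  -text

# Add the CA certificate to Java's trusted certs. This changes trust for every
# application run with this JDK and normally needs write access to the JDK
# directory. "changeit" is the stock cacerts password that ships with the JDK,
# not a secret of this deployment. No -noprompt here on purpose: keytool shows
# the certificate and asks for confirmation, so compare the fingerprint it
# prints with one obtained from the IPA server before answering yes.
keytool -import \
  -keystore /usr/java/jdk1.8.0_201-amd64/jre/lib/security/cacerts \
  -storepass changeit \
  -alias IPARoot \
  -file ca.crt

# Import the signed certificate into the keystore under the alias of the key
# pair, replacing the self-signed placeholder. -trustcacerts lets keytool use
# cacerts to build the chain, which is why the CA was imported there first.
keytool -import \
  -trustcacerts \
  -alias "${host_fqdn}" \
  -keystore keystore.jks \
  -storepass:env KEYSTORE_PASSWORD \
  -file "${host_fqdn}.signed.crt"

# Create a truststore containing the CA certificate. -noprompt skips keytool's
# fingerprint confirmation; that is acceptable only because the same ca.crt
# was confirmed interactively at the cacerts step above.
keytool -import \
  -noprompt \
  -file ca.crt \
  -alias IPARoot \
  -keystore truststore.jks \
  -storepass:env TRUSTSTORE_PASSWORD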