@kelseyhightower
Last active August 29, 2015 13:58

Apache Apollo SSL

Creating a keystore using an existing SSL cert

Create a certificate bundle

Create a single certificate bundle that includes the wildcard certificate and its private key, plus any required intermediate certificates.

mkdir workspace

tree workspace/
workspace/
├── gd_bundle-g2.crt
├── monsoontools.com.crt
└── monsoontools.com.key
    
cd workspace
cat monsoontools.com.crt monsoontools.com.key gd_bundle-g2.crt > monsoontools.com.pem

Create a PKCS#12 bundle

openssl pkcs12 -export -in monsoontools.com.pem -out monsoontools.com.p12
Enter Export Password:
Verifying - Enter Export Password:

Create a Java Keystore

sudo keytool -importkeystore -srckeystore monsoontools.com.p12 -srcstoretype PKCS12 \
-destkeystore edp-keystore
Enter destination keystore password:  
Re-enter new password: 
Enter source keystore password:  
Entry for alias 1 successfully imported.
Import command completed:  1 entries successfully imported, 0 entries failed or cancelled
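
The bundle and PKCS#12 steps above, as an added example that is not part of the original gist: it checks that the certificate and private key belong together before bundling, keeps the key-bearing files owner-readable only, and counts the certificates that ended up in the `.p12`. The function names, the `P12_PASS` variable and the throwaway self-signed certificates (one standing in for the intermediate) are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not from the gist. Function names and the P12_PASS
# variable are assumptions; all certificates and keys are constructed.

# Succeeds only if the certificate carries the public key of this private key.
cert_matches_key() {   # cert_matches_key CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# The cat + "openssl pkcs12 -export" steps, but refusing a mismatched pair,
# creating owner-only files, and taking the export password from the environment.
build_p12() {          # build_p12 CERT KEY CHAIN OUT.p12
    cert_matches_key "$1" "$2" || { echo "certificate/key mismatch" >&2; return 1; }
    (
        umask 077
        cat "$1" "$2" "$3" > "${4%.p12}.pem" &&
            openssl pkcs12 -export -in "${4%.p12}.pem" -out "$4" -passout env:P12_PASS
    )
}

# Number of certificates in the bundle (leaf plus intermediates).
p12_cert_count() {     # p12_cert_count FILE.p12
    openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# Constructed sample input: a throwaway self-signed certificate and key.
make_demo_pair() {     # make_demo_pair DIR NAME
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2.example.test" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

demo() {               # "chain" stands in for the intermediate certificate
    dir=$(mktemp -d) || return 1
    export P12_PASS=constructed-demo-password
    make_demo_pair "$dir" site && make_demo_pair "$dir" chain || return 1
    build_p12 "$dir/site.crt" "$dir/site.key" "$dir/chain.crt" "$dir/site.p12" &&
        echo "bundle holds $(p12_cert_count "$dir/site.p12") certificates"
    build_p12 "$dir/site.crt" "$dir/chain.key" "$dir/chain.crt" "$dir/bad.p12" 2>/dev/null ||
        echo "mismatched pair rejected"
    rm -rf "$dir"
}
demo
```

The intermediate `.pem` bundle contains the private key, so delete it once the keystore import has succeeded.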

Configuration

Copy the keystore

cp edp-keystore $APOLLO_INSTALL_PATH/etc/edp-keystore

Configure Apache Apollo to use the new keystore

Edit: $APOLLO_INSTALL_PATH/etc/apollo.xml

<key_storage file="${apollo.base}/etc/edp-keystore" password="password" key_password="password"/>

Restart the broker

sudo service /apollo-broker-service restart