@magwas
Last active August 29, 2015 14:17
Scripts to set up the cryptographic identity of a host (private key, plus certificates in PEM, PKCS#12 and Java keystore formats)
# ----------------/usr/local/bin/mkidentity_req -------------
#!/bin/bash
# Generate the host's private key and a certificate request for its FQDN.
set -e
umask 077                       # key material must never be world-readable
cd /etc/ssl/private/
hostname=$(hostname -f)
echo "creating request for $hostname"
# -keyout names the key file explicitly instead of relying on openssl.cnf's default_keyfile
openssl req -subj "/CN=$hostname/" -new -newkey rsa:2048 -keyout privkey.pem -passout pass:changeit -out newreq.pem
# strip the passphrase so services can load the key unattended
openssl rsa -in privkey.pem -out privkey.key -passin pass:changeit
cp newreq.pem ~
echo req is at ~/newreq.pem
#----------------------------------------------------------------
# meantime on the CA host....
# scp $newhost:newreq.pem .
# CA -sign (or whatever your CA tooling uses)
# scp newcert.pem cacert.pem $newhost:
#------------/usr/local/bin/mkidentity_install -------------------
#!/bin/bash
# Bundle the signed certificate, its key and the CA certificate into PKCS#12 and JKS form.
set -e
umask 077
cd /etc/ssl/private
cp ~/cacert.pem ~/newcert.pem /etc/ssl
# -certfile carries the CA certificate so the bundle holds the full chain, not a second copy of the leaf
openssl pkcs12 -export -in /etc/ssl/newcert.pem -inkey privkey.key -certfile /etc/ssl/cacert.pem -name "$(hostname -f)" -out identity.p12 -CAfile /etc/ssl/cacert.pem -chain -passin pass:changeit -passout pass:changeit
# import the key pair under the host's alias, then the CA certificate as a trusted entry, into one keystore
keytool -importkeystore -srckeystore identity.p12 -srcstoretype pkcs12 -destkeystore keystore.jks -srcalias "$(hostname -f)" -destalias "$(hostname -f)" -srcstorepass changeit -storepass changeit
keytool -importcert -file /etc/ssl/cacert.pem -trustcacerts -storepass changeit -noprompt -alias cacert -keystore keystore.jks
# JVM properties that make Java services use this keystore for both identity and trust
echo JAVA_OPTS="-Djavax.net.ssl.keyStore=/etc/ssl/private/keystore.jks -Djavax.net.ssl.keyStorePassword=changeit -Djavax.net.ssl.trustStore=/etc/ssl/private/keystore.jks -Djavax.net.ssl.trustStorePassword=changeit"
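The gist leaves the CA signing step as a comment and never checks the result before installing it. The following is an added example, not part of the gist: it runs the same request, sign and bundle steps in a scratch directory with a throwaway CA, then verifies that the private key matches the certificate, that the certificate chains to the CA, that it is valid for the host name, and that the PKCS#12 bundle opens with the expected passphrase. The function names (`make_test_identity`, `verify_identity`), the use of `openssl x509 -req` as the signing method, the `subjectAltName` extension and the host name `host.example.test` are assumptions; the file names and the `changeit` passphrase are the gist's.

```shell
#!/bin/bash
# Added example (not part of the gist): exercise the request -> sign -> bundle
# flow in a scratch directory with a throwaway CA, then verify the identity.
set -eu

make_test_identity() {
    local dir="$1" host="$2"
    mkdir -p "$dir"
    (
        cd "$dir"
        # Throwaway CA standing in for the gist's CA host (assumption: plain openssl, not CA.pl).
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Test CA" \
            -keyout cakey.pem -out cacert.pem 2>/dev/null
        # Host key and request, as mkidentity_req does (same file names and passphrase).
        openssl req -new -newkey rsa:2048 -subj "/CN=$host" -passout pass:changeit \
            -keyout privkey.pem -out newreq.pem 2>/dev/null
        openssl rsa -in privkey.pem -out privkey.key -passin pass:changeit 2>/dev/null
        # CA signs the request; a SAN is added because TLS clients no longer match on CN alone.
        printf 'subjectAltName=DNS:%s\n' "$host" > san.ext
        openssl x509 -req -in newreq.pem -CA cacert.pem -CAkey cakey.pem -CAcreateserial \
            -days 1 -extfile san.ext -out newcert.pem 2>/dev/null
        # Same PKCS#12 bundle mkidentity_install builds, with the CA certificate as the chain.
        openssl pkcs12 -export -in newcert.pem -inkey privkey.key -certfile cacert.pem \
            -name "$host" -out identity.p12 -passout pass:changeit 2>/dev/null
    )
}

# Prints "ok" when key, certificate, chain, host name and bundle all agree;
# otherwise prints which check failed and returns non-zero.
verify_identity() {
    local dir="$1" host="$2"
    (
        cd "$dir"
        # 1. the private key really belongs to the certificate (compare public keys)
        [ "$(openssl pkey -in privkey.key -pubout 2>/dev/null)" = \
          "$(openssl x509 -in newcert.pem -pubkey -noout)" ] || { echo "key/cert mismatch"; exit 1; }
        # 2. the certificate chains to the CA we are about to trust
        openssl verify -CAfile cacert.pem newcert.pem >/dev/null 2>&1 || { echo "chain invalid"; exit 1; }
        # 3. the certificate is valid for this host's name
        openssl verify -CAfile cacert.pem -verify_hostname "$host" newcert.pem >/dev/null 2>&1 \
            || { echo "hostname mismatch"; exit 1; }
        # 4. the PKCS#12 bundle opens with the expected passphrase and carries a certificate
        openssl pkcs12 -in identity.p12 -passin pass:changeit -nokeys 2>/dev/null \
            | grep -q 'BEGIN CERTIFICATE' || { echo "pkcs12 unreadable"; exit 1; }
        echo ok
    )
}
```

Usage: `make_test_identity /tmp/idtest host.example.test && verify_identity /tmp/idtest host.example.test` prints `ok`; running `verify_identity` against a different host name prints `hostname mismatch`. Against a real deployment the same four checks can be run in `/etc/ssl/private` before `mkidentity_install` is invoked, with `cacert.pem` and `newcert.pem` taken from the home directory as the gist does.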