@osowski
Last active June 3, 2021 18:02
Streamlined version of confluent-platform-security-tools script to generate SSL certificates from a pre-existing CA crt/key.
# Customized version of https://github.com/confluentinc/confluent-platform-security-tools
# Starting with confluentCA.pem & confluentCA.key provided by the Administrator (created prior to the Confluent Platform install).
# Note: a password given on the command line ends up in shell history and in the process list; in practice read it from
# a variable or a file (keytool accepts -storepass:env / -storepass:file) instead of the literal cps-password1 used below.
DNAME="C=UK, ST=LON, L=LON, O=IBMTest, OU=Cloud, CN=confluent-platform-security"
# Create the truststore from the provided CA certificate (a trusted-cert entry has no private key, so -dname and -keypass are not needed)
keytool -keystore kafka.cps1.truststore.jks -alias CARoot -importcert -file confluentCA.pem -noprompt -storepass cps-password1
# Create the keystore containing a key pair and a self-signed placeholder certificate
keytool -keystore kafka.cps1.keystore.jks -alias localhost -validity 3650 -genkeypair -keyalg RSA -noprompt -dname "${DNAME}" -keypass cps-password1 -storepass cps-password1
# Create a certificate signing request from the keystore's key pair
keytool -keystore kafka.cps1.keystore.jks -alias localhost -certreq -file keystore.csr -keypass cps-password1 -storepass cps-password1
# Sign the request with the CA's private key (i.e. approve the certificate signing request).
# -sha256 keeps an older OpenSSL from defaulting to a weak digest; add -passin if confluentCA.key is encrypted.
# Caveat: the CN above is not a hostname and no subjectAltName is set, so a Kafka client running with the default
# ssl.endpoint.identification.algorithm=https will reject this certificate on hostname verification. Put the broker
# hostname in the CN and in a SAN (openssl x509 -req needs it via -extfile; it does not copy extensions from the CSR),
# or disable verification on the peer with ssl.endpoint.identification.algorithm= (empty), which gives up MITM protection.
openssl x509 -req -sha256 -CA confluentCA.pem -CAkey confluentCA.key -in keystore.csr -out keystore-signed-cert -days 3650 -CAcreateserial
# Import the CA into the keystore first, so keytool can build the chain when the signed certificate is imported
keytool -keystore kafka.cps1.keystore.jks -alias CARoot -importcert -file confluentCA.pem -storepass cps-password1 -noprompt
# Import the signed certificate back into the keystore (it replaces the self-signed placeholder under the same alias)
keytool -keystore kafka.cps1.keystore.jks -alias localhost -importcert -file keystore-signed-cert -keypass cps-password1 -storepass cps-password1 -noprompt
# Remove intermediate (non-truststore/keystore) files; note that -CAcreateserial also wrote confluentCA.srl next to the CA certificate
rm keystore-signed-cert keystore.csr
# Create a config.properties file with the following values (the key password must match the -keypass used above)
## ssl.keystore.location=/.../kafka.cps1.keystore.jks
## ssl.keystore.password=cps-password1
## ssl.key.password=cps-password1
## ssl.truststore.location=/.../kafka.cps1.truststore.jks
## ssl.truststore.password=cps-password1
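Added example, not part of the gist: the same procedure as two reusable shell functions, parameterized by broker hostname. It puts the hostname in the CN and in a subjectAltName so that Kafka's default hostname verification accepts the certificate, passes the SAN to the CA signing step through an extension file (openssl x509 -req does not carry extensions over from the CSR), takes the password from a function argument rather than a hard-coded literal, and finally checks the chain, the SAN and the keystore entries. The function names, output paths, the extension file and the verification steps are my own choices; the script assumes keytool (from a JDK) and openssl on PATH and an unencrypted CA key.

```shell
#!/bin/sh
# Added example (not from the gist): build a Kafka broker keystore/truststore from a
# pre-existing CA, with a SAN, then verify the result. Requires keytool and openssl.
set -e

# make_broker_keystore HOST CA_CERT CA_KEY OUTDIR STORE_PASS
#   HOST       hostname clients connect to (goes into CN and SAN)
#   CA_CERT    PEM certificate of the administrator-provided CA
#   CA_KEY     matching private key (unencrypted here; add -passin otherwise)
#   OUTDIR     directory receiving kafka.<HOST>.keystore.jks and .truststore.jks
#   STORE_PASS password for both stores and the key, passed in rather than typed
make_broker_keystore() {
    host=$1; ca_cert=$2; ca_key=$3; outdir=$4; pass=$5
    ks="$outdir/kafka.$host.keystore.jks"
    ts="$outdir/kafka.$host.truststore.jks"
    mkdir -p "$outdir"

    # 1. Truststore holding only the CA certificate (no key, so no -dname/-keypass).
    keytool -keystore "$ts" -alias CARoot -importcert -file "$ca_cert" \
        -storepass "$pass" -noprompt

    # 2. Key pair. CN and SAN both carry the hostname so that the default
    #    ssl.endpoint.identification.algorithm=https check succeeds.
    keytool -keystore "$ks" -alias "$host" -genkeypair -keyalg RSA -keysize 2048 \
        -validity 365 -dname "CN=$host, OU=Cloud, O=IBMTest, L=LON, ST=LON, C=UK" \
        -ext "SAN=DNS:$host" -storepass "$pass" -keypass "$pass"

    # 3. CSR from that key pair (the SAN is requested again for completeness).
    keytool -keystore "$ks" -alias "$host" -certreq -file "$outdir/$host.csr" \
        -ext "SAN=DNS:$host" -storepass "$pass" -keypass "$pass"

    # 4. Sign with the CA. openssl x509 -req ignores extensions in the CSR, so the
    #    SAN and key usage are supplied through an extension file (my own choice).
    printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth,clientAuth\n' "$host" \
        > "$outdir/$host.ext"
    openssl x509 -req -sha256 -days 365 -in "$outdir/$host.csr" \
        -CA "$ca_cert" -CAkey "$ca_key" -CAcreateserial \
        -extfile "$outdir/$host.ext" -out "$outdir/$host.crt"

    # 5. CA first (so keytool can build the chain), then the signed certificate,
    #    which replaces the self-signed placeholder under the same alias.
    keytool -keystore "$ks" -alias CARoot -importcert -file "$ca_cert" \
        -storepass "$pass" -noprompt
    keytool -keystore "$ks" -alias "$host" -importcert -file "$outdir/$host.crt" \
        -storepass "$pass" -keypass "$pass" -noprompt

    rm -f "$outdir/$host.csr" "$outdir/$host.ext"
}

# verify_broker_keystore HOST CA_CERT OUTDIR STORE_PASS
#   Exports the broker certificate from the keystore and checks that it chains to
#   the CA, carries the expected SAN, and that the keystore holds a key entry plus
#   a trusted CA entry. Returns 0 only if every check passes.
verify_broker_keystore() {
    host=$1; ca_cert=$2; outdir=$3; pass=$4
    ks="$outdir/kafka.$host.keystore.jks"
    pem="$outdir/$host.exported.pem"
    keytool -keystore "$ks" -alias "$host" -exportcert -rfc -storepass "$pass" \
        > "$pem" || return 1
    # Chain must validate against the CA that was supposed to sign it.
    openssl verify -CAfile "$ca_cert" "$pem" > /dev/null || return 1
    # Without this SAN, hostname verification on the client side fails.
    openssl x509 -in "$pem" -noout -text | grep -q "DNS:$host" || return 1
    # One PrivateKeyEntry (broker) and one trustedCertEntry (CARoot) expected.
    keytool -keystore "$ks" -storepass "$pass" -list | grep -q PrivateKeyEntry || return 1
    keytool -keystore "$ks" -storepass "$pass" -list | grep -q trustedCertEntry || return 1
}

# Usage (paths and password illustrative):
#   make_broker_keystore broker1.example.test confluentCA.pem confluentCA.key ./out "$KS_PASS"
#   verify_broker_keystore broker1.example.test confluentCA.pem ./out "$KS_PASS"
```

The verification function is the part most worth keeping around: run it against any keystore produced by the gist's original steps and it shows immediately whether the certificate will survive a client's hostname check, rather than discovering that at the first broker connection.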