Generating full SSL for Tomcat/Jetty using Java Keytool.
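#!/bin/bash
# Generates a self-signed SSL certificate for local development, exports it,
# and imports it into the JVM-wide trust store (cacerts) of JAVA_HOME.
# Change variable names to suit your need, you can do JAVA_HOME=$JAVA_HOME too.
#
# Security notes for anyone adapting this script:
#   * STOREPASS is the well-known default cacerts password and is reused here
#     for the new keystore and its private key; pick a different secret for
#     any keystore that leaves a development machine.
#   * Passwords given with -storepass/-keypass appear in the process list
#     while keytool runs; keytool also accepts -storepass:env and
#     -storepass:file to avoid that.
#   * Importing into cacerts makes the certificate trusted by every
#     application that uses this JAVA_HOME's default trust store.
#   * The generated *-store.jks holds the private key; keytool runs under sudo
#     here, so check the resulting file's owner and permissions.
JAVA_HOME=/usr/lib/jvm/java-8-oracle
CERT_NAME="yurimdias"
STOREPASS="changeit"
KEYSTORE="$JAVA_HOME/jre/lib/security/cacerts"
CERTIFICATE_PATH="./${CERT_NAME}"
STORE_NAME="${CERTIFICATE_PATH}-store.jks"
CERT_PATH="${CERTIFICATE_PATH}-cert.crt"

echo "Generating certificate for: ${CERT_NAME}..."
echo "Making sure that there's not another certificate with the same name..."
# Expected to fail (and is deliberately not checked) when the alias is absent.
sudo keytool \
  -delete -v \
  -alias "$CERT_NAME" \
  -keystore "$KEYSTORE" \
  -storepass "$STOREPASS" \
  -noprompt
# -f: a missing file from a first run is not an error; options go before
# operands and "--" guards against names that start with a dash.
rm -f -v -- "$STORE_NAME"
rm -f -v -- "$CERT_PATH"

echo 'Generating keystore and key-pair'
# Valid for 3650 days. The only subjectAltName is the IP 127.0.0.1; clients
# that ignore the CN will not match the name "localhost".
sudo keytool \
  -genkey \
  -alias "$CERT_NAME" \
  -keyalg RSA \
  -keystore "$STORE_NAME" \
  -dname "CN=localhost,OU=localhost, O=localhost, L=localhost, ST=localhost, C=BR" \
  -storepass "$STOREPASS" \
  -keypass "$STOREPASS" \
  -ext san=ip:127.0.0.1 \
  -validity 3650 \
  -noprompt || { echo 'keytool -genkey failed' >&2; exit 1; }

echo 'Exporting keystore to certificate'
# Exports only the public certificate; the private key stays in the keystore.
sudo keytool \
  -exportcert \
  -alias "$CERT_NAME" \
  -keystore "$STORE_NAME" \
  -file "$CERT_PATH" \
  -storepass "$STOREPASS" \
  -noprompt || { echo 'keytool -exportcert failed' >&2; exit 1; }

echo 'Adding certificate to java cacerts'
# -noprompt skips keytool's "trust this certificate?" confirmation.
sudo keytool \
  -import \
  -alias "$CERT_NAME" \
  -file "$CERT_PATH" \
  -keystore "$KEYSTORE" \
  -storepass "$STOREPASS" \
  -noprompt || { echo 'keytool -import failed' >&2; exit 1; }

echo 'Checking if added...'
sudo keytool \
  -list -v \
  -alias "$CERT_NAME" \
  -keystore "$KEYSTORE" \
  -storepass "$STOREPASS"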