...
Scriptet genererar 2 keystores i detta fallet, då det finns 2 klientcertifikat (ett för internet och ett för sjunet).
Produktion
Kodblock | ||||
---|---|---|---|---|
| ||||
rm -rf generated-jks
mkdir generated-jks
rm -rf generated-pem
mkdir generated-pem
echo "=== Export SITHS CA's as PEM ==="
openssl x509 -inform DER -in "../CA/SITHS/SITHS_Type_2_CA_v1.cer" -out generated-pem/siths_type_2_ca_v1.pem -outform PEM
openssl x509 -inform DER -in "../CA/SITHS/SITHS_Root_CA_v1.crt" -out generated-pem/siths_root_ca_v1.pem -outform PEM
# Export P12 Certificate (PEM)
echo "=== Export esb.ntjp.sjunet.org.p12 Certificate (PEM) ==="
openssl pkcs12 -in ../skltp/esb.ntjp.sjunet.org_legitimering_pkcs12_prod.p12 -out generated-pem/esb.ntjp.sjunet.org.p12.crt.pem -nokeys
# Export P12 Certificate (PEM)
echo "=== Export esb.ntjp.se.p12 Certificate (PEM) ==="
openssl pkcs12 -in ../skltp/esb.ntjp.se_legitimering_pkcs12_prod.p12 -out generated-pem/esb.ntjp.se.p12.crt.pem -nokeys
# SITHS TYPE 2 CA V1 + SITHS ROOT V1 (PEM)
echo "=== Create SITHS CA Chain ==="
cat generated-pem/siths_type_2_ca_v1.pem generated-pem/siths_root_ca_v1.pem > generated-pem/ca_chain.pem
# Remove Header.
echo "=== Remove Bag Header from PEM ==="
openssl x509 -in generated-pem/esb.ntjp.sjunet.org.p12.crt.pem -out generated-pem/esb.ntjp.sjunet.org.p12.crt.out.pem
openssl x509 -in generated-pem/esb.ntjp.se.p12.crt.pem -out generated-pem/esb.ntjp.se.p12.crt.out.pem
# Create Complete Certificate Chain.
echo "=== Create Complete Certificate Chain ==="
cat generated-pem/esb.ntjp.sjunet.org.p12.crt.out.pem generated-pem/ca_chain.pem > generated-pem/esb.ntjp.sjunet.org_cert_chain.pem
cat generated-pem/esb.ntjp.se.p12.crt.out.pem generated-pem/ca_chain.pem > generated-pem/esb.ntjp.se_cert_chain.pem
# Import P12 to Keystore
echo "=== Import esb.ntjp.sjunet.org.p12 (alias: esb.ntjp.sjunet.org) to Keystore: esb.ntjp.sjunet.org.jks ==="
keytool -importkeystore -srckeystore ../skltp/esb.ntjp.sjunet.org.p12 -srcalias esb.ntjp.sjunet.org -srcstoretype PKCS12 -destkeystore generated-jks/esb.ntjp.sjunet.org.jks -destalias esb.ntjp.sjunet.org -deststoretype JKS
echo "=== Import esb.ntjp.se.p12 (alias: esb.ntjp.se) to Keystore: esb.ntjp.se.jks ==="
keytool -importkeystore -srckeystore ../skltp/esb.ntjp.se.p12 -srcalias esb.ntjp.se -srcstoretype PKCS12 -destkeystore generated-jks/esb.ntjp.se.jks -destalias esb.ntjp.se -deststoretype JKS
# Import Complete Certifcate Chain
echo "=== Import Complete Certificate Chain to Keystore: esb.ntjp.sjunet.org.jks==="
keytool -import -trustcacerts -keystore generated-jks/esb.ntjp.sjunet.org.jks -alias esb.ntjp.sjunet.org -file generated-pem/esb.ntjp.sjunet.org_cert_chain.pem -noprompt
echo "=== Import Complete Certificate Chain to Keystore: esb.ntjp.se.jks==="
keytool -import -trustcacerts -keystore generated-jks/esb.ntjp.se.jks -alias esb.ntjp.se -file generated-pem/esb.ntjp.se_cert_chain.pem -noprompt
# Change sharing and permissions on JKS files
chmod 444 generated-jks/*.jks |
QA
Kodblock |
---|
rm -rf generated-jks mkdir generated-jks rm -rf generated-pem mkdir generated-pem echo "=== Export SITHS CA's as PEM ===" openssl x509 -inform DER -in "../CA/SITHS/SITHS_Type_2_CA_v1_PP.crt" -out generated-pem/siths_type_2_ca_v1_PP.pem -outform PEM openssl x509 -inform DER -in "../CA/SITHS/SITHS_Root_CA_v1_PP.crt" -out generated-pem/siths_root_ca_v1_PP.pem -outform PEM # Export P12 Certificate (PEM) Sjunet echo "=== Export esb.ntjp.sjunet.org.p12 Certificate (PEM) ===" openssl pkcs12 -in ../skltp/qa.esb.ntjp.sjunet.org_auth.p12 -out generated-pem/qa.esb.ntjp.sjunet.org.p12.crt.pem -nokeys # SITHS TYPE 2 CA V1 + SITHS ROOT V1 (PEM) echo "=== Create SITHS CA Chain ===" cat generated-pem/siths_type_2_ca_v1_PP.pem generated-pem/siths_root_ca_v1_PP.pem > generated-pem/ca_chain.pem # Remove Header. echo "=== Remove Bag Header from PEM ===" openssl x509 -in generated-pem/qa.esb.ntjp.sjunet.org.p12.crt.pem -out generated-pem/qa.esb.ntjp.sjunet.org.p12.crt.out.pem # Create Complete Certificate Chain. echo "=== Create Complete Certificate Chain ===" cat generated-pem/qa.esb.ntjp.sjunet.org.p12.crt.out.pem generated-pem/ca_chain.pem > generated-pem/qa.esb.ntjp.sjunet.org_cert_chain.pem # Import P12 to Keystore echo "=== Import qa.esb.ntjp.sjunet.org.p12 (alias: qa.esb.ntjp.sjunet.org) to Keystore: qa.esb.ntjp.sjunet.org.jks ===" keytool -importkeystore -srckeystore ../skltp/qa.esb.ntjp.sjunet.org_auth.p12 -srcalias qa.esb.ntjp.sjunet.org -srcstoretype PKCS12 -destkeystore generated-jks/qa.esb.ntjp.sjunet.org.jks -destalias qa.esb.ntjp.sjunet.org -deststoretype JKS # Import Complete Certifcate Chain echo "=== Import Complete Certificate Chain to Keystore: qa.esb.ntjp.sjunet.org.jks===" keytool -import -trustcacerts -keystore generated-jks/qa.esb.ntjp.sjunet.org.jks -alias qa.esb.ntjp.sjunet.org -file generated-pem/qa.esb.ntjp.sjunet.org_cert_chain.pem -noprompt # Change sharing and permissions on JKS files chmod 444 generated-jks/*.jks |
Verifiera certifikatskedjan med openssl
...